SECURITY & SUSTAINABILITY: IMPROVING FACILITY AUTOMATION SYSTEM SECURITY AND SUSTAINABILITY
The Problem

Production environments are complicated today. The machines we use are powerful, and at the same time the control systems that make them function are becoming extremely sophisticated. Some of today's controllers, drives, and robots have thousands of lines of program code and just as many variables. Changes in the manufacturing environment, such as the complexity of the devices, networking, and regulations, as well as pressure to perform financially, have contributed to the problems many companies are reporting.

It would be easy to simply avoid the more sophisticated devices, but that means going backward. Engineers and maintenance personnel are not replacing controllers with the relay logic systems of yesterday. Sophisticated devices allow much better coordinated control of all the variables associated with a process, including tightly coordinated motion and communications. Operating in real time, at fractions of a second, these machines perform extremely well and in very small packages. They have replaced huge relay logic systems that were many times larger, much more difficult to design and configure, and more difficult to troubleshoot and maintain.

Networking these sophisticated devices with computers to perform even more sophisticated calculations and data analysis has produced some amazing benefits. At the same time, the network can bring problems that must be dealt with appropriately. Choosing not to network can also have a devastating impact. An isolated system is incapable of making rapid decisions about what to make and in which order. Also, the collection of quality data for functions like advanced maintenance and performance analysis is left to the human factor. Machines collecting machine data are not biased and do not adjust calculations and data.
At the same time, connected machines become susceptible to remote configuration errors, penetration, virus infection, bots, rootkits, spyware, and a slew of other problems. Even with all of the problems that might occur, production environments benefit substantially from networked automation rather than isolated islands of automation. Being able to diagnose and troubleshoot problems from a desk at corporate with the best engineer, instead of putting that engineer on a plane, has huge ramifications. Being able to analyze quality and performance remotely, machine by machine, provides huge improvements in throughput as well as quality. Analyzing performance machine by machine allows qualified decisions about which machines to upgrade, redesign, reconfigure, or replace. It allows difficult analysis of turns and cycles that manually collected information cannot provide. Connected devices support excellent troubleshooting and diagnostic tools and allow centralized backup of critical configuration data, similar to the way computers are managed as part of a corporate network. The amount of labor involved in maintaining a control system that is disconnected is not much different from the amount of labor involved in maintaining computers that are not part of the network. In a disconnected system there is rarely a current backup, and there is no assurance of a disaster-recoverable backup, even when policies are in place to ensure that backups are kept.

Rockwell Automation Product-based Solutions

Rockwell Automation is serious about the security and sustainability of the production environment. Some of the actions you can take using Rockwell Automation products to improve your security and sustainability are listed here:

Secure by Design

Consider implementing security by using the ControlLogix processor security lock in the future, or turning it on if you are already using ControlLogix controllers. This feature can deny front port access to controllers from guests in your facility. You may even consider locking the cabinet doors and instituting a procedure for access.

Secure by Procedure

Putting the key switch in RUN prevents remote programming, including a remote firmware flash that could corrupt a controller permanently if performed incorrectly. One common problem in a connected controller world where people are rushed is the remote configuration of the wrong device. If every device is in RUN except the one you are altering, the odds of making that mistake are gone. Also, because putting the controller in RUN requires a physical key change at the device to allow program configuration changes, even a penetration from outside could not alter the device until the key switch is moved out of RUN.

Centralized Automation System Security

Consider implementing a centralized security administration system for configuration tools.
Using FactoryTalk Security to secure access to the software that configures Rockwell Automation devices creates a much more secure environment, similar to moving from Windows for Workgroups (WFWG) to a domain-based system. FactoryTalk Security, included with most Rockwell Automation software products, can be run locally on a computer-by-computer basis (similar to WFWG) to secure access to Rockwell Automation software on each computer. It can also be purchased to support a centrally managed system, substantially reducing the amount of work and governance required to administer access to your Rockwell Automation systems across the facility. FactoryTalk Security replicates itself automatically and enables even remote laptops to function reliably as part of the security system.
Asset Configuration Management

Consider using FactoryTalk AssetCentre to manage changes to Rockwell Automation control systems, including automatic version control, disaster recovery backup, device configuration verification, and real-time auditing of user actions while working on these systems. Each FactoryTalk AssetCentre function is designed to ensure that personnel need less effort (less governance) to maintain these assets while still ensuring an extremely reliable configuration set. No longer does someone call corporate looking for the program because a device lost power, its memory backup battery was bad, the configuration program was lost, and they cannot find the latest copy. At the same time, this system is secure and can easily be backed up to a remote electronic vault for extreme disaster planning. Beyond these functions, the system also employs a real-time audit system that tracks all user actions, and its event system tracks all system actions, such as the verification of the master code against a device's actual configuration.

Other Actions

In addition to Rockwell Automation products, there are some serious considerations for production environments, whether connected or disconnected. Today it is easy to propagate a virus using a memory stick (the modern floppy disk). Work with IT to form a manufacturing, engineering, and IT group that understands manufacturing concerns and can act as a liaison with all of management, including operations, IT, and engineering, to better secure the automation systems. Within that group, consider some of the following: use antivirus, spyware, and malware tools; back up everything periodically; and create a realistic disaster recovery plan. Consider using rootkit discovery tools as well. Be cautious here and test all of this in a lab before putting it into production. It appears so far that patch management causes more production outages than actual viruses.
Also, all of these tools consume CPU clock cycles on computers and can affect real-time operations. Caution is necessary, and the lab can prevent a lot of problems from reaching production. The ISA has spent a great deal of time working on production security issues across many industries and vendors. Consider purchasing a copy of the ISA S99 documents and studying them for best-practice ideas. See the www.isa.org Web site for more information.

Rockwell Automation Network & Security Services Group

Working with IT, analyze your topology, or hire a competent firm such as Rockwell Automation's Network & Security Services Group to analyze for security and sustainability and install properly configured assets to support your disaster recovery plan. Our Network & Security Services Group will analyze your networks for current health and make recommendations. The net result of this type of analysis is that you will have an impartial baseline and know the exact status of each network in your automation environment.
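The two controls described earlier, verification of each device's actual configuration against the archived master copy (Asset Configuration Management) and the Secure by Procedure rule that only the device being altered is out of RUN, can be reduced to a small baseline check with an audit trail. The following Python is an added example written for this page; it is not Rockwell Automation or FactoryTalk AssetCentre code. Device names, program text, the three key switch labels (RUN, REMOTE, PROGRAM) and all snapshots are constructed sample data.

```python
"""Configuration baseline verification with an audit trail (added example).

Models the paper's asset-management checks in plain Python: compare each
uploaded configuration with the archived master, flag controllers whose key
switch is not in RUN, record every check.  All data below is constructed.
"""
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed master (golden) configurations keyed by device name; in
# practice these would be the archived project files.
MASTER_CONFIGS = {
    "press_line_plc": b"rung1 XIC I:0/0 OTE O:0/0\nrung2 TON T4:0 1.5s\n",
    "conveyor_plc":   b"rung1 XIC I:1/0 OTE O:1/0\n",
    "robot_cell_plc": b"rung1 XIC I:2/0 OTE O:2/0\n",
}

@dataclass
class DeviceSnapshot:
    name: str
    key_switch: str   # "RUN", "REMOTE" or "PROGRAM" (labels assumed for the example)
    config: bytes     # configuration as uploaded from the device

@dataclass
class Finding:
    device: str
    kind: str         # CONFIG_DRIFT, KEYSWITCH_NOT_RUN or NO_BASELINE
    detail: str

class AuditLog:
    """Append-only record of every check performed, and by whom."""
    def __init__(self):
        self.events = []

    def record(self, user, action, device, result):
        self.events.append({"time": datetime.now(timezone.utc).isoformat(),
                            "user": user, "action": action,
                            "device": device, "result": result})

def fingerprint(config: bytes) -> str:
    """SHA-256 of a configuration image, used as its comparison key."""
    return hashlib.sha256(config).hexdigest()

def verify_devices(snapshots, master=MASTER_CONFIGS, user="verifier", audit=None):
    """Compare each snapshot with its master copy and flag devices not in RUN.
    Returns the findings; every check is also written to the audit log."""
    audit = audit if audit is not None else AuditLog()
    findings = []
    for snap in snapshots:
        if snap.name not in master:
            findings.append(Finding(snap.name, "NO_BASELINE", "no master copy archived"))
            audit.record(user, "verify", snap.name, "NO_BASELINE")
        else:
            expected, actual = fingerprint(master[snap.name]), fingerprint(snap.config)
            if expected != actual:
                findings.append(Finding(snap.name, "CONFIG_DRIFT",
                                        f"master {expected[:12]} != device {actual[:12]}"))
            audit.record(user, "verify", snap.name,
                         "MATCH" if expected == actual else "CONFIG_DRIFT")
        if snap.key_switch != "RUN":
            findings.append(Finding(snap.name, "KEYSWITCH_NOT_RUN",
                                    f"key switch in {snap.key_switch}; remote programming possible"))
            audit.record(user, "keyswitch_check", snap.name, snap.key_switch)
    return findings

def authorize_remote_change(target, snapshots):
    """Secure by Procedure gate: permit a remote edit only when the target is the
    single device out of RUN (in REMOTE).  Returns (allowed, reason)."""
    modes = {s.name: s.key_switch for s in snapshots}
    if target not in modes:
        return False, f"{target} is not in the inventory"
    if modes[target] != "REMOTE":
        return False, f"{target} key switch is {modes[target]}; remote programming blocked"
    others = [n for n, m in modes.items() if n != target and m != "RUN"]
    if others:
        return False, f"other devices not in RUN: {', '.join(others)}"
    return True, "ok"

def sample_snapshots():
    """Constructed uploads: one drifted program, one controller left in REMOTE,
    and one device that has no archived baseline."""
    drifted = MASTER_CONFIGS["conveyor_plc"].replace(b"O:1/0", b"O:1/3")
    return [
        DeviceSnapshot("press_line_plc", "RUN", MASTER_CONFIGS["press_line_plc"]),
        DeviceSnapshot("conveyor_plc", "RUN", drifted),
        DeviceSnapshot("robot_cell_plc", "REMOTE", MASTER_CONFIGS["robot_cell_plc"]),
        DeviceSnapshot("packaging_plc", "RUN", b"rung1 XIC I:3/0 OTE O:3/0\n"),
    ]

if __name__ == "__main__":
    log = AuditLog()
    for f in verify_devices(sample_snapshots(), audit=log):
        print(f"{f.device}: {f.kind} ({f.detail})")
    print(authorize_remote_change("robot_cell_plc", sample_snapshots()))
    print(authorize_remote_change("press_line_plc", sample_snapshots()))
    print(f"{len(log.events)} audit events recorded")
```

Run on the constructed inventory, the check reports drift on conveyor_plc, a key switch left in REMOTE on robot_cell_plc, and a missing baseline for packaging_plc, while the change gate approves an edit to robot_cell_plc and refuses one to press_line_plc because that controller is in RUN. A device with no archived master is reported rather than silently skipped, since an unbaselined controller is exactly the one that cannot be restored after a failed battery or a bad flash.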
We also can assess your automation system's security profile. This creates a baseline assessment for impartial strategic security planning. We also use well-trained experts to facilitate the effort to educate, plan, and create a security plan. Even if you have the resources and want to do it yourself, consider using a professional coach through the discovery and planning process.

Conclusion

Information-Enabled Control Systems today are critical to the successful extraction of manufacturing data and turning it into business knowledge. Connecting these devices so that the data can be analyzed and used in business and engineering decisions is not something to fear, but to embrace with knowledge and awareness. Rockwell Automation has integrated not only the control layer but the information layer using proven technology, and at the same time has embraced the security and sustainability issues.

Publication SECUR-WP001A-EN-E, September 2006. Copyright 2006 Rockwell Automation, Inc. All rights reserved.