This article was originally posted on the EMEA Rockwell Automation blog.
To achieve true business agility, machine builders and their customers need to create a seamless information flow from machinery to the enterprise.
But effectively connecting the enterprise is a journey. No single product, technology or methodology can fully secure industrial applications.
Protecting industrial assets requires a layered approach that helps mitigate various types of security threats – both internal and external. It also takes a comprehensive approach – one that extends beyond the stand-alone machine to include data, policies and procedures – to help address the myriad of people, process and technology-related security risks.
OEMs can take steps to securely integrate machinery into a plant network, protect intellectual property at the machine level, and provide secure remote access for their customers.
Take a Defense-in-Depth Approach
Devices within a machine and plant need to talk with one another, as well as those at the enterprise level, to help organizations better understand complex manufacturing processes. Using a unified networking infrastructure that is based on standard, unmodified Internet Protocol (IP) helps create a seamless flow of information, but also requires protecting industrial assets from security risks.
This requires a defense-in-depth security approach, which is based on the idea that any single point of protection may, and probably will, be defeated. Multiple layers of defense help ensure that a weakness or flaw in one layer is compensated for by the strength, capabilities or additional controls introduced by the other layers.
Defense-in-depth security focuses on physical, network, computer, application and device security, and OEMs can build each of these layers into their machinery. Physical security mechanisms include guards and gates; network security relies on a framework of firewalls, intrusion detection and prevention systems (IDS/IPS), and managed switches and routers.
Software vulnerabilities can provide an easy route for intruders to gain access to automation systems. OEMs can use advances in computer hardening (e.g., antivirus software or application whitelisting) to help protect customers against unwanted access.
Computers on the plant floor, such as an HMI or industrial computer, are susceptible to malware, including viruses and Trojans. Regular software patching practices work in concert with hardening techniques to further reduce these risks.
Restrict Access to Valuable Data
Setting up policies that control human interaction with end-user systems can help prevent information theft, whether users are internal or external, on-site or remote.
Using software tools such as the FactoryTalk® Security architecture allows end users to centralize authentication and access control by verifying the identity of each user who attempts to access the automation system. The software then communicates with the FactoryTalk Directory services platform to determine what the user is and is not permitted to do with that software and either grants or denies each user’s request to perform particular actions.
Provide Secure Remote Access
With the correct security procedures and architectural systems in place, remote monitoring through open-standard networks can provide OEMs and their customers with an unprecedented ability to remotely oversee operations, perform real-time diagnostics and keep maintenance costs low.
Many organizations are using cloud-based computing to enable 24/7 monitoring of manufacturing operations on virtually any scale. Moving remote access and support to the cloud, through a secure EtherNet/IP™ connection, helps OEMs monitor performance and quickly send critical data to the appropriate person.
Check out the latest issue of Security Matters for more ways to build security into your machinery.