July 2002 Mfg.Trust

Mfg.Trust is a monthly feature of the NCMS InfraGard Manufacturing Industry Association
Infrastructure assurance for manufacturers
Powered by NCMS.


This month – Manufacturing Process Control Security

Avoiding deadly errors - Determination of industrial control system cyber security vulnerabilities in the discrete manufacturing sector



Editor's Preface: 

Conscious of the fact that even an accidental industrial control failure can create a dangerous situation involving high value assets, engineers have implemented safeguards at every level, from individual logic controllers to overall system designs. These systems have worked well. However, the environment in which these systems are used has changed, and often the systems have not yet adapted.

Back in the times when industrial control systems were completely contained within the plant facility, security was primarily concerned with safety and access control for workers and visitors. In the same era, robbing banks also required that you physically visit the bank (a hazardous occupation with those straight shootin’ G-men around!). More recently, both banks and factories have extended access to their control systems beyond their walls. This change in environment introduces new vulnerabilities and issues, perhaps in the place where you work.

This month’s feature focuses on the vulnerability of industrial control systems to mistakes and malicious acts because they are connected to networks. If you spend a lot of time in an industrial facility, we hope you’ll consider these issues and look at the facility a little differently, so you can more knowledgeably protect your co-workers and your company from harm.

NCMS is leading a major initiative in manufacturing process control security with our membership and government partners. We recently held a workshop which brought together dozens of concerned industry leaders to brainstorm the “what if” and “what can we do about it” of industrial control vulnerabilities. In short, they sort of scared themselves. In just one day knowledgeable people came up with some terrifying and not-too-hard-to-execute scenarios. This group will responsibly and privately work on solving the problems.

This month’s feature is based on the work of NCMS’ Tony Haynes, who is leading this NCMS initiative. In addition to browsing the article below, don’t forget that there is an extensive page of links and resources available to you free at http://trust.ncms.org, under the Publications Index tab. These resources exist for all Mfg.Trust features.

John Sheridan (johns@ncms.org)


MANUFACTURING PROCESS CONTROL SECURITY

Industrial Systems were Historically Different than Business Systems

An industrial control program might be the program that orders a machine to drill a hole, including commands for the location and orientation of the hole, the depth, and which drill to use. Or, it might order the transport of parts from one place to another. Industrial control systems differ(ed) in a few important ways from the PC-based computer systems that we may know well. These differences include:

First, the same machine or control system is operated by numerous well-qualified persons on different shifts, and one operator will likely control several systems. Unlike the computer on your desk, it was impractical and ineffective to have a password belonging to an operator or a machine. Control was achieved by permitting only qualified operators on the floor and by the specialized knowledge necessary to operate the machinery.

Second, factories are likely to contain specialized machines such as robots or machine tools that utilize specialty controllers connected over a high speed proprietary interface. These proprietary systems have no office counterpart.

Third, control networks are real time systems and demand adequate communications bandwidth. To gloss over a longer story, techniques like encrypting data don’t work well with high bandwidth real time systems.

Then the Environment for Industrial Systems Changed

The Internet invaded industrial control systems because management needed better-quality and more timely information on production progress. They could obtain it by connecting factory systems to business systems, which are Internet-dominated because of their economy. An important driver for this need was managing just-in-time production. A manufacturing manager really needs to know if they have all the parts necessary to build their widgets each day, or hour. Without inventory, you need good insight into the status of component parts manufacturing to get early notice of any trouble. That status is obtainable by looking into the component part manufacturing operation.

As these connections developed, Ethernet networks and Internet protocol devices came to dominate business computing systems, and Ethernet is now rapidly replacing proprietary networks at the factory backbone level and also for subnets. That fact drives shop floor information system security concerns because it establishes a single transport mechanism, TCP/IP, for all communications from the Internet to factory floor control systems and intelligent devices.

Remember the television ad about the little Japanese girl reprogramming the paint line to paint the car with her name? Her Internet access to an industrial system makes that hypothesis seem possible. Business people are not the only people using the Internet.

Two other environmental factors are of particular concern to security experts:

* Specialty controllers are now frequently attached to a modem to support remote diagnostics by the machine manufacturer. Modems left connected in this fashion are an open invitation to hackers.

* It is increasingly common to find wireless access points connected to the backbone and wireless sensors connected to machinery for monitoring purposes. Many companies are also beginning to use wireless devices such as PDAs or pocket PCs for supervisory or maintenance access to shop floor information.

Sorting the Welcome from the Unwelcome

Most enterprises separate internal business, customer-facing information systems, and manufacturing facility systems from each other. The company’s web presence is normally outside its business information systems and separated from them by security defenses such as firewalls. Access control and authorization methods are used to establish the identity and privileges of those entering a network. Most companies will offer some sort of connectivity to support remote access by travelers, remote offices and the like. The operating systems and infrastructure components at this level serve the mass market. Security issues at the corporate business information system level are relatively well known. Security issues in this new factory floor environment are not so clear.

No single supplier of industrial automation equipment can possibly provide everything necessary to automate a factory, and the cost of integrating several proprietary systems is prohibitive, so users demanded and received support for open systems interfaces. As a result, clients connected on any of the factory networks (the factory backbone, Ethernet subnets, any of the control networks, and any of the device networks) can communicate with any of the intelligent devices in the factory – unless the system is designed by the implementer to control access. That means that in the absence of a factory information security policy, and where a factory has implemented a wireless access point, anyone with a laptop and wireless card could sit in the parking lot and link to any device in the factory. If that laptop contained a copy of the programming software for the particular brand of PLC used in that factory, the user could modify any program. This dire scenario is highly unlikely because most implementations include at least some safeguards, but by the same token it is equally unlikely that even the majority of current factories conform fully to information security best practices.
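Whether an outside connection can reach a controller is something a plant can check from its own network documentation. The Python sketch below is an added example, not part of the original article or any NCMS tool: it walks the allowed connections between network zones and reports which control assets each outside entry point can reach. The zone names follow the tiers named in the text; the links between them, the `reporting_server` zone, and the restricted policy are assumptions constructed for illustration.

```python
from collections import deque

# Constructed topology: zone -> zones it may open connections to.
# Zone names follow the tiers the article lists; the links are assumptions.
OPEN_FLOWS = {
    "internet": {"business"},
    "business": {"backbone"},
    "wireless_ap": {"backbone"},
    "vendor_modem": {"specialty_controller"},
    "backbone": {"ethernet_subnet", "control_net"},
    "ethernet_subnet": {"control_net"},
    "control_net": {"device_net", "plc", "specialty_controller"},
    "device_net": {"plc"},
}

# Same plant with access control added (assumed policy): business and
# wireless traffic ends at a read-only reporting server, and the
# diagnostic modem is disconnected when not in use.
RESTRICTED_FLOWS = dict(OPEN_FLOWS)
RESTRICTED_FLOWS.update({
    "business": {"reporting_server"},
    "wireless_ap": {"reporting_server"},
    "vendor_modem": set(),
})

ENTRY_POINTS = ["internet", "wireless_ap", "vendor_modem"]
CONTROL_ASSETS = {"plc", "specialty_controller"}


def reachable(flows, start):
    """Return every zone reachable from start by following allowed flows."""
    seen, queue = set(), deque([start])
    while queue:
        zone = queue.popleft()
        for nxt in flows.get(zone, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def exposure(flows, entry_points=ENTRY_POINTS, assets=CONTROL_ASSETS):
    """Map each outside entry point to the control assets it can reach."""
    return {e: sorted(reachable(flows, e) & assets) for e in entry_points}


if __name__ == "__main__":
    for name, flows in (("open", OPEN_FLOWS), ("restricted", RESTRICTED_FLOWS)):
        print(name, exposure(flows))
```

Any non-empty list in the output marks an entry point whose path to a controller should be closed or explicitly justified.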

In summary, IT security is an add-on feature to factory systems, and has not been engineered into the system. Further, mergers and acquisitions among equipment suppliers have forced IT security technology to the least common denominator of acceptable solutions.

What Are We Doing About This?

The National Information Assurance Partnership (NIAP) http://www.niap.nist.gov, a partnership between the National Security Agency (NSA) and the National Institute of Standards and Technology (NIST), provides technical support and guidance to industry to improve the information technology security posture of the systems and supporting operations that comprise the US national critical information infrastructure. One component of this effort addresses computer security for the networked digital systems used to control industrial production and distribution. NCMS is working with NIST to incorporate a systems approach to engineering security into the life-cycle processes of process control systems and the components that comprise such systems.

This effort is being carried out through the Process Control Security Requirements Forum (PCSRF), an industry group organized under the NIAP umbrella. The overall objective of this work is the development and dissemination of best practices and ultimately security standards that will be used in the procurement, development, testing, operation, and upgrading of industrial control systems.

NCMS held a workshop in Dearborn, Michigan on June 27th at which representatives from government, and NCMS members from auto OEM, auto suppliers, heavy equipment, aerospace, factory automation suppliers, factory communications, and technology supplier industries joined forces to systematically address these issues. This is an important national issue. If you are interested in joining the collaboration that will formulate solutions, please contact Tony Haynes.



Copyright 2004
National Center for Manufacturing Sciences