everal years ago, Eric Byres, of the British Columbia Institute of Technology, showed me how easy it was to disrupt a plant process. He shut off a Brand A PLC in about 7 seconds. How did he do it? He did it by attacking the PLC via its communications bus.
Every month, we publish two newsletters: DigitalField Insider and SecureSystems Insider. In the current issue of DFI, (March 1, 2005) there is a White Paper on The Profinet Security Concept. I couldnt figure out whether it belonged in DFI or SSI. In reality, it could just as easily go in either, or both.
There is a nexus where the need for robust high bandwidth communication in the plant and in the enterprise crosses the need for security from hacks within and without. The point at which the necessity of securing the information being communicated impacts the ability of the communications medium to work to its full potential.
Smart instruments, indeed the very philosophical underpinnings of fieldbus technology, are about getting data in and out of the instrument and into and out of the controllers quickly and easily. On the face of it, this philosophy is entirely antithetical to the concept of information security.
Very few of the known attacks on process automation systems have been physical, or done from the instrument or controller itself. Almost all of them have been attacked by someone using the network the control system is attached to, or the Internet itself.
In the March issue of CONTROL, Rich Merritts cover story, Whats In Your Server?, talks a great deal about communications issues as a means to greater system security.
It seems we cant divorce the two. As a Honeywell executive once remarked to me, We never had these problems with the TDC2000. It wasnt connected to anything.
So, whats to do?
What needs to happen is that systems need to be designed, as Rich Merritt shows in his March cover story, with security in mind. Fieldbus protocols need to have security built in, and so do smart instruments and smart controllers themselves.
But even the smartest and most secure instrument, even the control system and network with state of the art security, is not immune from being compromised by people who bypass the security system. No system is immune from the operator who tells people the password.
The best digital fieldbus security system is a trained and capable operations force that understands the why and the wherefore of digital fieldbus security.
Click here to receive free copies of DigitalField Insider and SecureSystems Insider.