CG0811_InsideButton
CG0811_InsideButton
CG0811_InsideButton
CG0811_InsideButton
CG0811_InsideButton

Defending Your Plant

Nov. 3, 2008
Securing the Perimeter Just Isn't Enough. You Have to Have Inside Defense Too

Part Two—Inside Security, Part One Access Control

By Rich Merritt

That nice-looking sales rep in the business suit got through the perimeter security and has arrived at the guard shack, seeking admittance to the plant for an appointment with Paula Process, one of your instrument engineers. The rep could be packing a Heckler & Koch 9mm pistol, be wrapped in explosives under that suit coat or carrying a bomb or an AK 47 in the attache case. Can your security handle this?

I visited a number of chemical and petrochemical plants in the past year with sales reps and realized that I could be carrying all of the above, and only a few of the guards would have detected my armament. I did, however, have to watch some silly videos in guard shacks explaining the plants’ rigid security policies. Clearly, internal plant security is going to have to change—and the Department of Homeland Security is going to force it upon any plants that it deems at risk.

Many plants use a system based on trust; that is, if the guards or someone else at the plant know the sales rep or the consultant, they often let anybody into the plant who is accompanying the trusted person. That’s how I got into the plants—I was with our rep. This method seems to work well, especially at low-risk facilities. However, it’s a tempting weakness in the system for those with less benign intentions. How rigid you must be in screening visitors depends, once again, on your own security assessment and the recommendations of security consultants.

Figure 1: ACCESS CONTROL
ID cards control access to restricted areas. Video can record who used the card.

Keeping Track

Obviously, the simplest answer to a sales rep/terrorist is to have airport-like security at the plant entrance—a metal detector or one of those wands airport security people use to check you over, and inspection of all incoming attache cases. That will find the weapons and bombs, but it doesn’t deal with the problem of having a smart terrorist on the premises who is not so much interested in blowing things up as in messing with your processes and who knows how to sabatoge things electronically. The answer is to control access to vulnerable areas and track where everybody goes.

Honeywell’s Geismar chemical plant in Geismar, La, follows a structured plan that identifies people and assets, controls access to secure areas, and tracks people and assets in the plant at all times (The Inside Job at the end of this article). The plan applies to all key areas of the plant that are vulnerable to damage, such as control rooms, storage tanks, pipelines, shipping areas, laboratories, data centers, offices, etc.

Such security plans are being employed all over the country in all types of plants. Even at Involta’s new data center in peaceful, crime-free Marion, Iowa, 28 security cameras keep an eye on the premises and on visitors. Access to the inner sanctum server farm is controlled by proximity card readers and eye scanners that analyze the iris—the visible colored ring around the pupil—to authenticate authorized individuals.

Figure 2: Watching Via Ethernet
At Simi Valley’s water treatment plant, a security system from IVC and Invensys controls access through doors, and monitors who comes and goes by video transmitted over an Ethernet network.

A simple card ID system (Figure 1) can restrict access and track who comes and goes into and out of restricted areas. Other equipment to perform access and tracking functions includes GPS tracking systems, RFID monitoring of people and assets, vendor verification systems, license plate recognition systems, motion sensors and biometric systems, such as facial recognition, palm readers and retinal scanners.

For access to areas of highest security, you may want to follow the Involta data center model and require two forms of access, such as an ID card and a biometric.

A traditional solution involves locked doors everywhere, which requires keys issued to engineers and technicians. But keys present a problem—what do you do when somebody loses a key? When a key is lost, you have to change all the affected locks. This can be a big—and expensive—problem in a large building or in a facility that has remote locations. An integrated video and access control system eliminates the cost and inconvenience of keys.

RFID Tracks People and Assets

RFID badges and tags allow the plant to track the comings and goings of people and assets, even if they don’t pass through access-controlled doors. They also help prevent theft.

One major security problem in industrial plants is the theft of copper, although the same preventive strategies can work with other high-value items. It’s not just intruders jumping over a fence at a remote power station and stripping wires; it’s also employees who help themselves to your stores of copper wire, fittings, pipe and other parts.

Figure 3: BIG BROTHER IS WATCHING YOU
Cameras mounted high on poles at the Simi Valley water treatment plant transmit images via wireless to the control room.

RFID tags hidden in wire bundles or affixed to copper parts can trigger alarms when thieves try to remove them from storage areas or drive through a security gate. RFID tags work on any other assets that are likely to be stolen, moved to another area, or misplaced. Lost the portable flow calibration kit? If it has an RFID tag, asset management software can tell you the last detector it passed by.

The Active-Beaconing RFID tag from GAO RFID is an ideal solution. It transmits its ID every two seconds and can be read from 98 ft, so anyone carrying an item with the tag can be detected by any RFID monitor. It also has an anti-tampering feature that sends an alarm if anyone tries to dislodge it. Similar RFID tags are available from a host of vendors.

Of course, if your plant has remote areas, you might have the same problem as Duke Energy did. Duke Energy in North Carolina was being plagued with copper theft at its substations and construction sites. Standard video monitoring was ineffective because of the distances involved. It was too expensive to transmit live images long distances over wire, so Duke tried to use cameras and recorders. All Duke’s security got for its troubles were hours of videos of intruders and crimes committed the previous day, but not sufficient evidence to prosecute the thieves.

Duke Energy installed Videofied, a wireless security system that reports video alarms over a cell-phone network. When an intruder trips a motion sensor, the night vision camera takes a 10-second video and sends it to Duke’s monitoring station. Once security personnel see what is happening, they call the police. Now, instead of just having videos of crimes, Duke Energy has videos of police arriving on the scene and arresting thieves carrying armloads of copper.

The Big Picture

Enabling a single point of viewing for the entire enterprise could be the next trend, says Hesh Kagan, Managing Consultant, Enterprise Architecture and Integration, at Invensys Process Systems (IPS). “Merging physical security and control system monitoring enables users at control stations not only to see who is near their systems at hand and far away, but also to monitor process anomalies, such as steam emissions, leaks and excess vibrations,” says Kagan.

IPS and its partner, Industrial Video & Control Company (IVC) are integrating access and perimeter monitoring systems with plant control systems. IPS consultants develop fully integrated solutions based on implementing a secure wireless infrastructure that includes video. IPS defines policies and procedures for managing available wireless bandwidth to enable multi-purpose integration of video monitoring, while IVC implements cameras at strategic locations to implement the plans.

Figure 4: WATCHING FROM THE CONTROL ROOM
Camera images from all over this water treatment plant in Nevada can be viewed on the plant’s HMI/SCADA system.

“Operators at workstations can also control the viewing angle and zoom on these cameras, so they can get a really clear picture of what is going on with their systems,” says IVC president Norman Fast. “This is valuable whether the systems are in a room down the hall or coming from a remote, hazardous location miles away. This saves time, money and surely improves safety.”

An IVC installation at the Simi Valley Water Works in Simi Valley, Calif.,(Figure 2), is an IPS-based video system that is used for both security and monitoring operations. It accommodates access control, security and SCADA, with additional cameras (Figure 3) added as needed to monitor key locations. Operation of all this is managed by IVC video management software, which includes an alarm server that listens for and parses alarm messages from access control systems, perimeter security devices, motion detectors and the SCADA system.

Honeywell, Invensys and other control system vendors, working with video suppliers like IVC, have successfully integrated video monitoring with HMI/SCADA systems, so operators at process control systems, building management systems and security systems can watch and record what is happening in and around the plant. Unlike the closed-circuit TV systems of the past, these new video monitoring systems integrate directly into the plant’s existing wired or wireless industrial networks.

Apprion Inc. has created an integrated video, voice over Internet protocol (VoIP), data backbone called ION that integrates these new video monitoring systems directly into the plant’s existing wired or wireless industrial networks. Not only can operators see intruders, they can watch over the entire plant.  

Rich Merritt is a Control contributing editor.

Securing the Control Room

One of the key targets for bad guys is the control system. If they know what they are doing, they can overflow a tank, blow up a batch reactor, steal information from your system or otherwise wreak havoc. You should physically protect your control system from an internal assault by visitors, vendors or disgruntled employees.

Several years ago, a process control engineer explained to me the security procedures his company followed when installing control systems in areas of the world where plants are vulnerable to sabotage. He explained that control and equipment rooms—because they are clean and air-conditioned—are favorite gathering places for employees.

Many control rooms are “trophy rooms,” he said, where management brings visitors to show off their ultra-modern displays, wall panels, wide-screen TV monitors and so on. In both cases, visitors and workers will sit at HMI displays and play with the keys and displays. To ensure that no one can change the control system either intentionally or unintentionally, this  process control engineer recommends securing everything from the hardware controllers to HMIs in the control room:

  • Put locked bars over the controller faceplates so no one can manually change settings.
  • Lock the cabinet containing the controllers.
  • Lock the room containing the cabinets.
  • Control access to the building containing the controller room.
  • Put the main control room on a different floor or in a different building.
  • Control access to the main control room.
  • Make sure that the HMIs in the main control room can only monitor the system, not change controller settings.
  • Put HMIs that can change controller settings in a different locked room.
  • Protect those HMIs with user names and passwords, so only a very few authorized people can change control settings.

While these may seem excessive for a domestic plant, such Draconian procedures make it very difficult for anyone to gain access to critical control equipment. Modern technology even makes it possible to move the actual control room hundreds or even thousands of miles away from the plant. At the very least, all the plant’s data, configurations, historians and software should be backed up—perhaps at a secure data center in Marion, Iowa.

Security at Geismer, Part 2: The Inside Job

The Honeywell Geismer plant in Geismer, La., follows a structured, layered approach to plant security that involves procedures and hardware to

  • Identify and control who enters and exits a facility.
  • Track movement of building occupants and assets.
  • Control access to restricted areas with ID cards.
  • Track and locate equipment, products and other resources.
  • Track the location of personnel on the site.
  • Integrate security and control systems.

Assets are tracked with RFID tags. The system monitors mobile physical assets continuously throughout the facility. This helps reduce theft and loss of intellectual property and decreases lease and capital expenditures by continuously tracking the real-time location and utilization rates of high-value equipment. The solution also increases process uptime and helps to improve regulatory compliance by ensuring that equipment can be located for scheduled maintenance or recalibration.

Security cameras inside the facility watch the comings and goings of people on the site.

Since Honeywell's building and process control systems share the same distributed server architecture, the company was able to integrate physical and cyber security tightly with control systems.