Part One - External Security, Part Two Defending Your Plant
By Rich Merritt
Someday, your process plant may look like the Deloitte Cyber Centre in Amsterdam, a veritable fortress. The computer center is surrounded by a high fence, a guardrail and road barriers to keep vehicles from smashing through, pressure sensors in the parking lot to detect the movements of vehicles, infrared sensors and video cameras to track the comings and goings of people, computers that monitor the sensors looking for suspicious behavior, and multiple levels of security, starting at the front door.
For a visitor, getting all the way into the data centers inner sanctum server farm requires a guide, ID card, passing through multiple entry points and finally through a man trap door (one door opens into a tiny, glass-enclosed room, where you wait for security systems to open the second door). Security computers know who you are and where you are at all times. If the computer is unhappy with you, the man trap will hold you until security arrives.
Setting up such a system is a whole new challenge for a process control engineer. Yet, as security concerns escalate across the industry, you may be shopping for man traps soon. Table 1, Threats and Mitigation, describes the various problems you might face, and the security solutions that will work. Its up to you to decide if you have a high-risk chemical facility or a low-risk toy distribution center, and how much security you need.
In the old days, chain link fences and junkyard dogs were enough to scare off intruders and trespassers. But times have changed. If you have a plant that might be the target of terrorists, industrial spies, activists, the anti-this or anti-that group, disgruntled employees or sophisticated thieves, your security problems have increased a thousand-fold.
Fortunately, major control vendors are collaborating with security firms and integrating security functions with process control and building automation systems, so help is available. For example, ABB and Saab just agreed to combine automation and security for municipal and industrial sites. Honeywell integrates its own security equipment into its DCS, Invensys adds video from Industrial Video & Control Company to its DCS, and Emerson works with Cisco.
Soon, you will be able to monitor security at your chemical, water treatment, food manufacturing or other high-risk facility right at your HMI workstationsstarting with perimeter security.
On the perimeter
Lets start with fences around the plant. A good fence deters, detects and defends. However, a skilled person can still climb any fence. Research at Sandia National Laboratories shows that a highly skilled trespasser can get to the other side of a well-designed fence in about four seconds. Even unskilled trespassers, using screwdrivers as handholds, can get over most fences in 15 seconds.
The best you can expect from a normal industrial fence is a 40-second delay at the perimeter by using a series of fences, barbed wire, razor wire and other devices. This gives the system time to determine if there is an intrusion, notify the proper authorities, and delay the intruders long enough for security to respond.
Figure 1. A good fence should delay intruders for about 40 seconds, giving security time to respond. Sensors using fiber-optic cable, coax or taut wires, detect when somebody climbs the fence.
Some intruders, however, come right through the main gate.
Almost all high-risk plants have some sort of guard shack to stop vehicles for a check. But how much protection do you need? It probably depends on your assessment of the risk, or how much the Department of Homeland Security.
Keeping vehicles out requires barriers. The day we interviewed David Dickinson, senior vice president at Delta Scientific, terrorists bombed the U.S. embassy in Yemen. Delta Scientific had installed the barriers that kept the terrorists from getting too close to the embassy building. Although the building suffered minor damage and people in front of the building were killed, vehicle barriers kept the truck with its bomb from doing more extensive damage to the embassy. So, barriers work.
Today, at high-risk production and distribution facilities, more is needed at checkpoints than simply verifying if a person is authorized to enter, says Dickinson Security systems must be employed that stop a vehicle, even one weighing 15 tons going 50 mph, dead in its tracks. That vehicle must be stopped where you want it stopped. Figure 3 illustrates how a bollard barrier stops a vehicle (you can see video of this at http://www.deltascientific.com/vid_dsc600.htm)
Figure 3: STOP THAT TRUCK!