The dichotomy between HMI and field devices

Jan. 30, 2008

Last week at Distributech in Tampa it was interesting to see the dichotomy between many of the HMI suppliers (SCADA) and field device suppliers (PLCs, RTUs, IEDs, smart transmitters and drives, etc.). SCADA and DCS vendors have recognized the need for securing the Windows or Linux-based HMI. However, many field device suppliers (even from the same parent companies that supply both SCADA, DCS, and field devices) have n...

Last week at Distributech in Tampa it was interesting to see the dichotomy between many of the HMI suppliers (SCADA) and field device suppliers (PLCs, RTUs, IEDs, smart transmitters and drives, etc.). SCADA and DCS vendors have recognized the need for securing the Windows or Linux-based HMI. However, many field device suppliers (even from the same parent companies that supply both SCADA, DCS, and field devices) have not embraced security to the same degree. Consequently the current state-of-the-art technologies for many field devices include blue tooth, zigbee, backdoors, and inadequate electronic communication logging.  Making this point more emphatic, I had a discussion with a major control system vendor who said that security is mainly the end-user's issue. He was assuming that the HMI was secure coming out of the factory and so it was the end-user's responsibility to secure the interconnections of secure devices. Unfortunately, this model doesn't work when the devices to be connected are not themselves secure.  This dichotomy ends up affecting the INL/SANS Procurement Specification program as it doesn't address the field devices which are generally not Windows or Linux-based.

Joe Weiss

Sponsored Recommendations

IEC 62443 4-1 Cyber Certification – Why ML 3 is So Important

The IEC 62443 Security for Industrial Automation and Control Systems - Part 4-1: Secure Product Development Lifecycle Requirements help increase resilience for control systems...

Multi-Server SCADA Maintenance Made Easy

See how the intuitive VTScada Services Page ensures your multi-server SCADA application remains operational and resilient, even when performing regular server maintenance.

Your Industrial Historical Database Should be Designed for SCADA

VTScada's Chief Software Architect discusses how VTScada's purpose-built SCADA historian has created a paradigm shift in industry expectations for industrial redundancy and performance...

Linux and SCADA – What You May Not Have Considered

There’s a lot to keep in mind when considering the Linux® Operating System for critical SCADA systems. See how the Linux security model compares to Windows® and Mac OS®.