'Stuxnet is a real wakeup call for us and our customers.' A renewed concern for control system security was among the many topics of conversation when Walt Boyes interviewed Steve Sonnenberg, Peter Zornio and Jane Lansing at the 2010 Emerson Global Users Exchange in San Antonio, Texas.
Sonnenberg talked about other trends going forward. "'Solutions'—what a way overused word," he said. "But there are different levels of solutions and our customers are driving us in that direction. There are point solutions, application solutions and enterprise solutions. Each of these levels requires different application of our products and integration skills. We need all the expertise we can get, because we are acting more and more like consultants and system integrators for our customers."
Zornio said that one of the most troubling trends he sees is the supportability of open systems or commercial off-the-shelf (COTS) systems like Windows. "We have to do something," he said. "Our customers are telling us that they can't support the annual upgrade cycle. 'Don't upgrade just for that one thing,' is what they are saying. 'Wait until you have a big bunch of new features before you upgrade.' We need to think this through, and it is an important driver for Human Centered Design."
Zornio said that there are times he wonders if the decision to abandon proprietary systems was a good idea. "Probably we couldn't go 'Back to the Future' though," he said. "Doing what we do with proprietary systems would be incredibly costly. We get a huge benefit from the technical developments in COTS digital networking, so we probably wouldn't get any core benefit after all."
The big issue of the day for control system security is, of course, the Stuxnet virus. "Stuxnet is a real wakeup call for us and our customers," Sonnenberg said. "We have to work even harder on making secure control systems, and creating a security-focused culture both at Emerson and at our customers' enterprises."
Emerson has achieved some security milestones, which the executives revealed. Smart Wireless is Achilles Level One certified for security. Together with Dust Networks, the producer of the WirelessHART firmware that Emerson uses in Smart Wireless, Emerson has achieved FIPS 197 certification. FIPS is a certification of the U.S. government that makes it possible to run classified data over WirelessHART.
Another big trend in the automation space is the lack of experience in automation professionals—the "perfect storm" between increasing complexity of tasks and decreasing experience and initiative. "I think one of the reasons that safety-related incidents keep happening," Sonnenberg said, "is the fact that even though there are pages and pages of instructions and procedures that the operators are supposed to follow, they often don't. Procedures are going to be even more important than in the past, and to make headway with safety and security, we are going to have to follow procedures more closely."
It takes a certain operational rigor, Lansing said, "and management rigor is also required."
We could all take a page from the airline industry's attitude toward safety and security, Sonnenberg said. "They understand—and they hardly ever forget—that they are working in an inherently dangerous endeavor," he said. "Sometimes we in the automation industries tend to forget that."