The susceptibility of critical scada systems to security issues confronts many organisations. While it may be rare to penetrate a control system directly from the Internet, corporate intranet connections, remote support links, USB keys, and laptops can all create pathways for the typical worm or hacker. Once inside, impacting an industrial control system is not difficult – in some cases, even the most basic scanning by a hacker or worm can wreak havoc.
Unfortunately, 99% of all scada and process control devices do not support even basic authentication and authorisation functions. Thus, these devices cannot take advantage of any of the security infrastructures offered by many corporate IT departments. Complicating the matter even more, many scada end users have found the common VPN solutions to be either unbelievably complex to manage in real-time or ill-suited for handling the protocols that are found in automation networks.
Security in aerospace manufacturing
A major aerospace manufacturer faced exactly these issues when securing the systems used in the production of its long-range passenger aircraft. Large, highly mobile crawlers with extensive PLC and HMI components are vital for the assembly of new aircraft. In order to coordinate that assembly, these PLCs require secure access to each other and real-time connection to the corporate network.
Since the PLCs are installed on mobile platforms, they require wireless access to communicate. However, the models of PLCs currently on the market cannot participate in the corporate public key infrastructure (PKI) system, which is a requirement for secure wireless communications. Furthermore, the plant security solution must modify security policy (and allow PLC to PLC connections) based on information from a large variety of sources that change rapidly. For example, the position of a crawler or the card scan of an operator will determine which PLCs can interconnect.
Scadanet Endboxes secure the PLCs
The solution is an architecture called Scadanet that provides a simple and secure encryption system between control devices. Each crawler is protected by a Scadanet Endbox. These Endboxes interconnect securely with other Endboxes over a variety of secure or insecure networks, including the corporate intranet, various cellular services or even the Internet. The Endboxes interact with the corporate IT security services, including the PKI system, to provide an encrypted overlay network between the PLCs assigned to them by the crawler operators.
F-Map ties it all together
Tying all the Endboxes together in a scalable manner is a central publish/subscribe repository of network information based on the interface metadata access protocol (IF-Map) technology. This Trusted Computing Group standard allows systems from different vendors to publish information that the Endboxes can use to determine security policy in real-time. For example, if the IP address of an Endbox changes because a crawler has moved into the range of a new wireless access point, then this information can be propagated to other Endboxes so that critical communications are not disputed. Or if an operator that is not approved for a given crawler swipes into the badge reader, the crawler can be immediately disconnected from the critical control network.
The Scadanet architecture, IF-Map and Tofino Endboxes provide a framework that allows the IT department to manage access to its services and yet let the scada engineers maintain full control over their network systems and devices.
Five data centre trends to watch in 2025
IT in Manufacturing
Any innovation that comes out in 2025 – whether it’s flying cars, highly advanced AI or a breakthrough medical treatment – will be built on the back of an equally innovative IT foundation driven by data. Data that needs to be stored, managed and made accessible in the data centre, in the cloud or at the edge. Is it too much of a stretch to say the future of humankind is dependent on data storage? We don’t think so.
Read more...Recovering from a cyberattack
IT in Manufacturing
While many organisations have invested heavily in frontline defence tools to try to keep out bad actors, they have spent far less time and money preparing for what happens when the criminals eventually get in. And they will get in.
Read more...The value of proactive maintenance management Schneider Electric South Africa
IT in Manufacturing
Maintenance has come a long way from the days when we waited for things to break, and thanks to the ever-increasing capabilities of technology, predictive maintenance has become a viable solution for keeping equipment running smoothly and efficiently around the world.
Read more...Pinpointing pipeline occurrences in seconds, not hours Schneider Electric South Africa
IT in Manufacturing
At any given moment, thousands of kilometres of critical assets flow through pipelines that cross veld, mountainous areas, dense forests, and even busy streets. Surprisingly, many of these pipelines operate either unmonitored or with scant oversight, leading to missed opportunities for operational continuity and efficiency.
Read more...Next-generation AI-enhanced electronic systems design software Siemens South Africa
IT in Manufacturing
Siemens Digital Industries Software has launched the latest advancement in its electronic systems design portfolio. The next-generation release takes an integrated and multidisciplinary approach, bringing a unified user experience that delivers cloud connectivity and AI capabilities to push the boundaries of innovation in electronic systems design.
Read more...Spatial computing and AI – where no man has sustainably gone before Schneider Electric South Africa
IT in Manufacturing
Some will argue that we now live in a sci-fi world where we dream of electric sheep, and today’s technology – unlike HAL – can provide us with the answers we seek. To the realist it might seem a bit implausible, but when you start using terms like ‘spatial computing realises sustainable AI’ it doesn’t seem that far-fetched.
Read more...Safeguarding DCS today and tomorrow Schneider Electric South Africa
IT in Manufacturing
Today’s distributed control systems (DCS) are highly intelligent, converging OT and IT in a centralised manner that allows for simplified management and coordination of operations. It is technology evolution at its finest, but with a caveat, cybersecurity challenges.
Read more...Quantum computing is not as futuristic as it sounds
IT in Manufacturing
The first quantum computer was created almost three decades ago. While its applications are still unknown to many, this advanced field combines computer science, physics and mathematics to deliver solutions the world has been trying to find for aeons – and those it doesn’t yet know it needs.
Read more...Transform field data into actionable business data
IT in Manufacturing
As part of its ongoing commitment to enhancing industry connectivity, Teledyne Gas & Flame Detection is making its new and proprietary Teledyne GDCloud available with the company´s GS700, GS500 and Shipsurveyor portable gas leak detectors, and also its PS200 portable four-gas monitor for personal safety and confined-space applications.
printer friendly version