Give security measures top priority when implementing internet applications
It has often been said that a business’ most valuable asset is the data it generates, and nowhere is that statement more true than in the manufacturing and process industries. Until recently, real-time data generated on the plant floor were used solely to monitor and control manufacturing processes. Today, however, there is a universal desire to share these data across the enterprise so that manufacturers can better control not just their processes, but their entire business.
This vision of the integrated enterprise dates back to the earliest days of computer-integrated manufacturing. What has kept this concept from becoming reality is the lack of reasonably simple, standard methods of moving data from here to there. In other words, a way to make the systems throughout a manufacturing enterprise “plug and play.”
Few people, either inside or outside the computer industry, foresaw the explosive popularity of the internet and the technologies behind it. Now that it is evident that “the net” is more than a passing fad, industrial automation companies are quickly seeing the value of transmission control protocol/internet protocol (TCP/IP), web browsers, and other applications of this exciting technology as the network plumbing that could hold the integrated enterprise together. Viability of internet technology in the manufacturing/process enterprise was greatly enhanced with the production and proliferation of “web enabled” products.
Although the path to the integrated enterprise is clearly the internet, there are challenges. Businesses adopting internet technologies can now rely on a proven set of standard, readily available, open tools. However, that openness also requires users and suppliers — long accustomed to inherently secure, proprietary industrial automation systems — to take steps to ensure the security and integrity of their operations. Balancing openness and security is key to using internet technologies successfully.
Benefits of internet technology
Although, industrial users and suppliers are only beginning to explore the benefits of internet technology, some powerful applications and benefits are obvious. For example, internet technologies now enable cost-effective, easy-to-use remote process monitoring. In one case, 150 users of web servers are accessing company facilities throughout the southwest and analyzing data minute-by-minute.
Internet technology will eventually extend to controllers and end-use devices as well. A survey last year predicted that a new breed of web servers would be embedded in controllers and, eventually, in field devices as well. This advancement essentially will turn control networks into intranets. Workers will use web browsers as operator interfaces and be able to access control devices by entering their universal resource locators (URLs).
This development will mirror situations elsewhere in the enterprise where many companies are migrating common business applications, once located on individual client PCs, to web servers that are easily (and cost-effectively) accessible to anyone who needs the information. The common front end for such applications is the web browser.
Consider some of the financial benefits:
– Reduced training costs by adopting a common interface (the browser) for many applications
– Reduced information technology (IT) costs, because applications are migrated to web servers where most of the processing occurs, and thin clients are adopted throughout the enterprise
– Reduced integration costs. As common data objects relayed via intranets and extranets are adopted, the resources that must be devoted to integrating applications fall dramatically.
One internet technology touted by experts is known as “push.” In this case, a server pushes data to desktops automatically based on a set of user-defined parameters. The system helps move the right information to the right people at the right time more easily than ever before possible.
In one system, push technology automatically delivers business and manufacturing reports to desktops without the client having to search for them. The client simply chooses from a list of report categories (for example: batch, sales, scheduling, etc.) and presents the user with a list of reports from within that category. Each list can be updated hourly, daily, weekly, or on a custom schedule. The technology reduces, and in some cases eliminates, the need for paper reports.
Security is a must
Ideally, a company that takes full advantage of internet technology gives its employees (or customer and vendors, in the case of extranets) quick, easy access to whatever information they want or need over the internet/intranet/extranet. The inherent peril with such openness, however, is unauthorized access to corporate information by employees, or worse, uninvited outsiders, including competitors and hackers.
Any real-time control systems and end-control devices accessible through the internet could also fall victim to attack. Because of the critical nature of many of these applications, the potential for serious problems is evident. The means for making such systems secure are available. Users who took the security of proprietary systems for granted, however, must be willing to devote the resources required to protect their businesses from unauthorized intrusion.
Operating system measures
At the most basic level, the Windows NT operating system has security features built-in. For example, Windows NT Workstation 4.0 includes a set of encryption application programming interfaces that allows developers to create applications that work securely over nonsecure networks (such as the internet). Windows NT security also can restrict access to applications by unauthorized personnel and provide support for a point-to-point tunneling protocol, which allows the creation of secure virtual networks on public data networks.
In most cases, however, users will want stronger security measures to protect the data in their internet/intranet applications, products, and facilities. Among the most common security measures is the use of firewall servers that can screen out unwanted or unauthorized access. Firewalls serve as centralized “choke points” to keep unauthorized users off the network.
Application system measures
In addition to operating system security, other measures can be built into application systems. One solution to securing data on the internet is to use a network specifically designed to push information to designated termin- als instead of having employees accessing system data.
Another way to secure internet capabilities on the plant floor is to allow “read only” access. This technique prevents unauthorized personnel from altering control parameters. Certain web servers are equipped with this feature, which affords a number of security benefits, including:
– Remote access to data
– Secure architecture between the plant floor and designated internet or intranet connection
– Easy scalability to determine who is allowed to view data within the organization.
Another important security measure is encryption. Secure Socket Layer (SSL) and Secure Hypertext Transfer Protocol (SHTTP) are two of the most common encryption tools. The purchase of products over the internet typically is now protected in this way. Credit card numbers and addresses are commonly transmitted to vendors using one of these encryption methods.
Other encryption tools, such as public key encryption, are also becoming increasingly popular for protecting information.
In addition to hardware and software solutions, establishment and enforcement of security policies are critical. As one computer executive noted recently, “Setting up an internet firewall without a comprehensive security policy is like placing a steel door on a tent.” Here are some guidelines to consider when implementing internet technology:
– Users must be forced to change their passwords after a predetermined period of time to guard against access by unauthorized users who may have obtained passwords by any means. Inactive log-in accounts should be removed from servers immediately.
– Unused services should be removed from servers immediately. For example, if FTP service isn’t needed, physically delete that service.
– System administrators should implement software tools that can scan an entire network domain or subnetwork, and eliminate security weaknesses.
– Administrators should check server logs regularly for evidence of suspicious activities.
– All employees and nonemployees with extranet access must be issued security guidelines and be required to read and follow them.
Obviously, maintaining system security is not a one-step effort. It is a process that must be carried out continually. Industrial users face several challenges when undertaking such a program.
The trend during the past decade is for companies to concentrate on “core competencies” and de-emphasize such support functions as IT. Yet, as plant control functions migrate away from proprietary technologies toward technologies and platforms used elsewhere in the enterprise, the need for personnel with IT expertise is growing. Many companies will have to bolster IT functions if they are to take advantage of internet technology safely. In light of the well-publicized shortage of workers with the necessary skills, this investment could be substantial.
Companies that wish to use internet technologies as the communication device to connect an integrated enterprise will have to ensure their businesses are prepared to do so. Such an organization must promote close cooperation between IT experts and engineering staff with expertise in automation and process operations.
Internet technology is one key to realizing the substantial benefits of the integrated enterprise. But such advances always carry costs. The price of ease of use, “plug and play” functionality, and the ability to access information from virtually anywhere, is the need to maintain the integrity of networks and applications. In the long run, however, the internet will revolutionize the way business is being done and increase productivity. The investment will be worthwhile. — Edited by Jeanine Katzel, Senior Editor, 847-390-2701, email@example.com
The internet is clearly a path for integrating the industrial enterprise, but its use raises concerns about system security and integrity.
Any real-time control system or end-control device accessible through the internet could be subject to security breaches.
The security of an internet/intranet-based system is only as good as the measures and policies that have been put in place.
The author is available to answer technical questions about this article. Ms. Gunst may be reached by telephone at 800-487-9894.