Managing batch process security

Today’s security threats and vulnerabilities are wide-ranging, often complex and not always understood, particularly in terms of their impact. As such, batch access control should be integrated with managed enterprise security programs that mitigate threats from malicious code and other sources.

By Karl Williams and Daren Moffatt, Invensys Process Systems March 1, 2009

Batch process control systems have changed a great deal in recent years. Environments that were once proprietary and often isolated now have far more connectivity and rely on open standards and protocols. The use of “off the shelf” technology brings interoperability, efficiency and other real benefits, but it also creates an ongoing security challenge.

Today’s security threats and vulnerabilities are wide-ranging, often complex and not always understood — particularly in terms of the impact they can have on an individual system, a part of a system or the entire production facility. Threats come from a range of internal sources such as removable media, poor change management and disgruntled employees, as well as from external sources such as hackers and connections with other devices and networks.

Threats also increase as new vulnerabilities emerge, meaning that batch process control systems might find their normal operation impacted simply because they share a technology or connection. While this might not necessarily be immediately or directly disruptive to batch operations, it could impact production, efficiency and safety.

For batch operators, the primary focus of process security has been controlling and managing access to recipes, process operations and process change. Today, especially in chemical, pharmaceutical and food applications, batch access control should be integrated with managed enterprise security programs that mitigate threats from terrorists, hackers, malicious code and other sources that are becoming more prevalent.

Controlling access

The rising use of electronic signatures and other automated security methods has probably been the most significant advance in batch access control. Much of batch security remains driven by regulatory standards, particularly the regulations and guidance the U.S. Food and Drug Administration (FDA) has issued for electronic records and electronic signatures in Title 21 of the Code of Federal Regulations (CFR), Part 11. Part 11 sets the conditions under which electronic records and electronic signatures are accepted as trustworthy, reliable and equivalent to paper records and handwritten signatures, which is what allows them to be incorporated into electronic batch management systems.

Part 11 also defines controls for keeping batch information secure, chiefly from the standpoint of user authentication: limiting system access to authorized individuals, checking that a user is authorized to perform a given operation, and keeping secure, computer-generated, time-stamped audit trails of record changes that do not obscure the previous values. These controls apply mostly to internal users, primarily for tracking and tracing operations and materials, and to support corrective action and possible litigation should any product-safety issue emerge. Protecting batch information from malicious outside threats requires integration with broader enterprise-wide cyber security management programs and policies.
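The two Part 11 ideas above, a signature bound to a record change and an audit trail that keeps prior values and cannot be edited unnoticed, are easier to see in code. The following is an added example written for this article, not code from the authors or from any batch management product. The user table, recipe fields, password hashing and the HMAC chain that protects the trail are all assumptions made for the example; the structure of each signature entry (signer's printed name, date and time, meaning of the signature, old and new value) is what a Part 11 audit record has to carry.

```python
"""Added example (not from the article or any vendor product): a minimal
tamper-evident electronic batch record with signed recipe changes."""
import hashlib
import hmac
import json
from datetime import datetime, timezone


def _pw_hash(password, salt):
    # Constructed choice for the example: PBKDF2 with a per-user salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed user directory; a real system would use the plant's directory.
USERS = {
    "op1": {"name": "Ann Operator", "salt": b"salt-op1",
            "pw": _pw_hash("correct-horse", b"salt-op1")},
}

# Key that protects the audit trail. In production it belongs in an HSM or
# OS key store, never in source code; here it is a constructed constant.
AUDIT_KEY = b"constructed-demo-key"


def authenticate(user_id, password):
    """Part 11 style access check: only a known user with a valid secret."""
    rec = USERS.get(user_id)
    if rec is None:
        return False
    return hmac.compare_digest(rec["pw"], _pw_hash(password, rec["salt"]))


def signature_manifestation(entry):
    """The human-readable form a signed record must display."""
    return f"{entry['signer']} ({entry['user_id']}), {entry['timestamp']}, {entry['meaning']}"


class BatchRecord:
    def __init__(self, batch_id, recipe):
        self.batch_id = batch_id
        self.recipe = dict(recipe)
        self.audit = []  # append-only; each entry's MAC covers the previous MAC

    def _chain_mac(self, entry, prev_mac):
        payload = prev_mac + json.dumps(entry, sort_keys=True)
        return hmac.new(AUDIT_KEY, payload.encode(), hashlib.sha256).hexdigest()

    def sign_change(self, user_id, password, field, new_value, meaning, when=None):
        """Apply a recipe change only with a valid signature, and record it."""
        if not authenticate(user_id, password):
            raise PermissionError("authentication failed; change refused")
        entry = {
            "batch": self.batch_id,
            "field": field,
            "old": self.recipe.get(field),  # prior value kept, not overwritten
            "new": new_value,
            "signer": USERS[user_id]["name"],
            "user_id": user_id,
            "meaning": meaning,             # e.g. "approval", "authorship", "review"
            "timestamp": (when or datetime.now(timezone.utc)).isoformat(),
        }
        prev_mac = self.audit[-1]["mac"] if self.audit else ""
        entry["mac"] = self._chain_mac(entry, prev_mac)
        self.audit.append(entry)
        self.recipe[field] = new_value
        return entry

    def verify_audit_trail(self):
        """Recompute the chain. Returns -1 if intact, else the first bad index."""
        prev_mac = ""
        for i, entry in enumerate(self.audit):
            body = {k: v for k, v in entry.items() if k != "mac"}
            if not hmac.compare_digest(self._chain_mac(body, prev_mac), entry["mac"]):
                return i
            prev_mac = entry["mac"]
        return -1


if __name__ == "__main__":
    rec = BatchRecord("B-001", {"temp_C": 70, "hold_min": 30})
    e = rec.sign_change("op1", "correct-horse", "temp_C", 72, "approval")
    print("signed:", signature_manifestation(e))
    print("trail intact:", rec.verify_audit_trail() == -1)
    rec.audit[0]["new"] = 90           # simulate someone editing the stored trail
    print("first tampered entry:", rec.verify_audit_trail())
```

The point of the chain is that editing any stored entry, or deleting one from the middle, invalidates every MAC from that point on, so a reviewer can tell the trail was altered even though the record itself still looks plausible. A failed authentication refuses the change before anything is written, so the recipe and the trail never disagree.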

Managing cyber threats

One of the most effective approaches for designing and implementing measures that mitigate security vulnerabilities and threats is known as defense-in-depth (Fig. 1). In this approach, each zone of the architecture is evaluated for its criticality, its corresponding risk and whether appropriate security measures have been applied. Batch processes, for example, might be most vulnerable in the controls zone but are increasingly subject to threats at the plant network and data center zones. This is only one example; the picture varies from industry to industry and company to company.

Once risks are evaluated, this approach ensures that the most critical assets receive the strongest protection. Because an attacker must cross several layers rather than one, there is more opportunity to detect an attack and respond to it in time. When implemented and managed well, defense-in-depth reduces the likelihood that an attack succeeds and can stop an intrusion before it reaches the controls zone.

Other measures, including host-based firewalls, hardening of workstations, anti-virus programs and vulnerability management, also mitigate security threats. Taking these measures will improve security, but ongoing security management is needed for them to remain effective.

A security program should meet the requirements of each system and implementation, but in general the following issues should be considered:

Security assessment — The first step in a security assessment is understanding the current security posture. Analyzing that posture together with the system's vulnerabilities and the threats to it shows what the real risks are and establishes the requirements of the security program.

Security policies, procedures and enforcement — Effective policy, procedures and enforcement are crucial for safe and reliable batch system operation. The development of policy and supporting procedures should be user- and facility-specific, and should therefore be developed in close cooperation with system stakeholders to ensure the result is workable and effective. Management support at all levels is vital to success. Any corporate or business policy and procedure compliance requirements must also be taken into consideration.

Protection with appropriate technology — Technology plays an important part in an overall security approach. Firewalls are just one example of a technology that provides part of a defense-in-depth design, and when implemented and managed correctly can mitigate security threats. However, security is more than just a firewall.

An architecture that places a demilitarized zone (DMZ) between the enterprise network and the plant network provides more secure access and control. Shared services such as a replicated historian and patch or anti-virus update servers sit in the DMZ, so that no session passes directly from the enterprise network to the control system in either direction. Adding anti-virus and deep-packet inspection for intrusion detection or prevention at the zone boundaries creates further protection. The ongoing management of firewalls and other devices, including regular review of the rule set and monitoring of its logs, should be carefully considered.
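The property a DMZ design has to preserve is easy to state and easy to lose in a large rule set: nothing passes directly between the enterprise network and the controls zone. The following is an added example written for this article, not the authors' code or any vendor's reference architecture. The address plan, the zone names, the permitted flows and the port numbers are all constructed assumptions; the example checks individual flows against a default-deny zone policy and also lints the rule set itself for any rule that bypasses the DMZ.

```python
"""Added example (not from the article): evaluating flows against a
DMZ-based zone policy, and checking the rule set for DMZ bypasses."""
import ipaddress

# Constructed address plan: one subnet per zone, outermost first.
ZONES = {
    "enterprise": ipaddress.ip_network("10.0.0.0/16"),
    "dmz":        ipaddress.ip_network("10.1.0.0/24"),
    "plant":      ipaddress.ip_network("10.2.0.0/16"),
    "controls":   ipaddress.ip_network("10.3.0.0/16"),
}

# Explicitly permitted flows as (src_zone, dst_zone, proto, dst_port).
# Anything not listed is denied. Services and ports are assumptions.
ALLOW = {
    ("enterprise", "dmz", "tcp", 443),    # users read the DMZ historian web front end
    ("plant", "dmz", "tcp", 443),         # plant historian pushes data up to the DMZ replica
    ("plant", "dmz", "tcp", 8530),        # plant hosts pull patches/AV updates from a DMZ WSUS
    ("plant", "controls", "tcp", 4840),   # plant historian/HMI reads controllers over OPC UA
}

# Zone pairs that must never appear in a rule, whatever the port.
FORBIDDEN_PAIRS = {("enterprise", "controls"), ("controls", "enterprise")}


def zone_of(ip):
    """Return the zone containing ip, or None if it is outside the plan."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def evaluate(src_ip, dst_ip, proto, dst_port):
    """Decide one flow. Returns (verdict, reason)."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return "deny", "address outside the zone plan"
    if src == dst:
        return "intrazone", "not mediated by the zone firewall"
    if (src, dst) in FORBIDDEN_PAIRS:
        return "deny", "direct enterprise/controls traffic must cross the DMZ"
    if (src, dst, proto.lower(), dst_port) in ALLOW:
        return "allow", "matches explicit rule"
    return "deny", "no matching rule (default deny)"


def audit_policy(rules):
    """Static check of a rule set: return every rule that bypasses the DMZ."""
    return sorted(r for r in rules if (r[0], r[1]) in FORBIDDEN_PAIRS)


if __name__ == "__main__":
    # Constructed sample flows an engineer might test before deploying rules.
    samples = [
        ("10.0.5.7", "10.1.0.10", "tcp", 443),     # enterprise user -> DMZ historian
        ("10.0.5.7", "10.3.1.20", "tcp", 502),     # enterprise host -> controller Modbus
        ("10.3.1.20", "10.0.5.7", "tcp", 443),     # controller -> enterprise
        ("10.2.0.9", "10.3.1.20", "tcp", 4840),    # plant historian -> controller OPC UA
        ("192.168.1.1", "10.3.1.20", "tcp", 502),  # unplanned address -> controller
    ]
    for flow in samples:
        verdict, reason = evaluate(*flow)
        print(f"{flow[0]:>13} -> {flow[1]:<10} {flow[2]}/{flow[3]:<5} {verdict:<9} {reason}")
    print("policy audit:", audit_policy(ALLOW) or "no DMZ bypass rules")
```

The static check in audit_policy is the one worth running every time the rule set changes: a single convenience rule added for remote support, say enterprise to controls on a vendor's port, quietly turns the DMZ into decoration, and the flow-by-flow test only catches it if someone thinks to try that exact flow.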

Security training for knowledge transfer — Everyone who has access to a control system, whether directly or indirectly, frequently or infrequently, requires appropriate security training to keep the batch production environment low-risk. This ensures that anyone who interacts with critical systems understands the impact of their actions. Training also helps those involved with batch control systems understand not only policy, procedures and enforcement but also the wider security objective. In addition, training may be required for the more technical aspects, including firewalls, intrusion detection/prevention, anti-virus updates and so on.

Security management — Security management covers many activities, and the resources it requires need to be fully considered; it can demand a high level of commitment. Compared with plant safety, plant security is still in its infancy. Plant safety programs are well established, continuously monitored, validated and understood; plant security and its management would benefit from the same approach.

While some security elements, such as policy, may rarely be updated once in place, others need more frequent or even continuous attention: anti-virus updates, firewall management, access control, vulnerability management and enforcement. Each system should be assessed for its own needs. By following a continuous cycle of assess, design, implement and manage, with supporting elements in each phase, processors have the flexibility needed to maintain a low-risk environment (Fig. 2).

Because security measures help sustain system availability, combining access control with cyber security is a true business enabler. An effective, ongoing vulnerability management process is the foundation of a good batch process security plan. Newly discovered vulnerabilities need to be assessed in a timely fashion, and a course of action determined based on likelihood and impact.

The greatest threat to your operations today comes from doing nothing. By taking steps, first to assess and address, then to understand and manage security, batch processors can mitigate security risks and maintain safe, reliable and compliant operations.

Author Information
Karl Williams is principal security consultant for Invensys Process Systems and Daren Moffatt is business development director for Life Sciences for Invensys Process Systems.