Security solutions begin to trickle, but deluge is near

To deal with the threat to plant-floor operations from malicious hackers or cyber terrorists, experts recommend companies build tools for risk assessment, impact evaluation, and standardized responses. They say it's important to separate operations from business systems, maintain firewalls, and close remote-access options. While at least some of this may be standard procedure for IT departments, for plant operations professionals it's a whole new ballgame.

ISA Expo 2004 was a chance to learn about security issues affecting process industries, and several automation vendors introduced solutions:

• ABB and IBM announced they would develop cooperative IT security services for automation customers. "Attention has to be paid to identity management, data integrity, threat management, and security governance," says Rolf Vahldieck, head of process automation technology consulting at ABB. "Security measures as applied to a specific installation should be proportional to the assessed risk in terms of probability and potential consequences of an attack."

Services provided by IBM and ABB might include security workshops, architecture development, and infrastructure management.

• GarretCom demonstrated products aimed at making industrial Ethernet applications secure. Secure Web Management, added to MNS-6K management software, enables authentication and encryption.
• Invensys Process Systems introduced new services, such as security plan development, identification of site vulnerabilities, and prevention of potentially catastrophic intrusions, to enhance the security of Foxboro's I/A Series automation systems. "The industrial automation industry has been moving to more open and interoperable control systems. This trend clearly increases the potential vulnerability of these systems to cyber attacks," says Ernest Rakaczky, director of process control network security.