Q & A with Verano Inc

IEN: Describe the major security concerns facing industry. How can they be addressed?

Verano: Unlike the IT world, industrial control systems are directly connected to pipelines, electrical grids, and process equipment. A security breach can have severe consequences ranging from loss of production, to environmental damage, to a blackout, to threats to human safety. Yet most industrial control systems were designed before security became an issue and their long life cycles mean that the companies operating these systems will have to deal with their weaknesses for many years to come.

The problem is worsened by the trend to connect control networks to the enterprise to support business agility and by deployment of web, wireless, and Windows OS technologies at the control layer -- all of which have well-publicized vulnerabilities.

The first step to address these issues is recognizing that industrial networks have unique security requirements and consequences that justify their own security policies and programs. From there industrial users should:

  • define and document the control network perimeter

  • plan for defense in depth

  • segment the network

  • protect against internal as well as external threats, and

  • in the long run, harden the control equipment.

IEN: Where are strides being made: In risk management? Integrated systems design? Emergency response? Hazard controls? Computer security? Elsewhere?

Verano: Industry bodies like IEEE, ISA, and AGA are developing control system security guidelines and recommendations. ISA's SP99 committee is working on a Manufacturing and Control System Security standard and in spring 2004 released two interim technical reports.

Leading vendors, like Verano, have introduced control system-specific security solutions.

IEN: What innovations are in store for users in security equipment and systems, software, training, and other areas?

Verano: Security appliances that integrate multiple functions into one device are becoming available. They combine a firewall, anti-virus scanning, intrusion detection, intrusion prevention, and VPN capabilities and can be easily installed to protect the perimeter of industrial networks.

Security Management software acts like a SCADA system to continuously monitor the security and integrity of the control network and its applications. These systems can alert engineering staff when intrusions or suspicious activity -- even from within the corporation -- are detected.

Combining these two concepts makes it possible to lock down the control system in times of heightened threats and to enable more connectivity when the threat level is lower. The security management software can adjust the policy rules in the perimeter protection appliance based on factors such as current level of virus activity or the DHS threat assessment indicator.

IEN: Which R & D areas are closest to commercialization?

Verano: A lot of attention is going into improving the security of computer operating systems (OS). Securing the OS is the first step toward hardening control equipment. Perhaps the first to be available will be Enterprise Linux 4.0, which Red Hat plans to ship in early 2005. It will include a Security Enhanced Linux (SELinux) option based on work originally done at the National Security Administration (NSA).

IEN: How significant a role will the web play in security? Wireless? Why?

Verano: The web and wireless are both very attractive technologies for industrial networks because of their low cost and flexibility for improving communications. However, they both have well-known security vulnerabilities that need to be considered when deployed in industrial networks. For example, a plant web server should be installed on its own network segment because the policies used to access its information are generally broader than those needed for the control system itself.

Wireless access points provide a back door onto your network, but if they must be used, they should be supplemented by security management software to watch for unusual activity.

IEN: How can companies integrate security technologies with manufacturing operations?

Verano: The majority of security product vendors understand the problem from an IT perspective, though industrial companies should look to vendors who understand security needs from a control system perspective. For example, products to secure industrial operations are available from Verano today.

Verano Inc
Mansfield, MA
508-337-0300
