By Gregory Hale
Cyber security issues continue to grow throughout the manufacturing automation sector and that is becoming clearer with new players trying to capitalize on the latest buzzwords to garner a foothold, but sometimes the answer to a problem has been in front of you all along.
At least that is what PAS believes as the Houston-based asset reliability provider today launched a new cyber security business unit focused on configuration management for vulnerable assets deep within the control domain.
“Bad guys know the real place to go to wreck havoc,” said Eddie Habibi, founder and chief executive of PAS. “The real place to go to cause damage and leave a hole in the ground, you go to the DCS.”
Securing the soft underbelly of the manufacturing enterprise is the focus of the new unit.
“Configuration management for security is much like alarm management for safety,” Habibi said. “The industrial cyber security challenge consists of several layers that go over IT and OT. We see configuration management is where the bad guy needs to go to hack into the plant. (We focus on) anything in the proprietary domain of the control system like control configuration, ladder logic, proprietary programs, unique communication protocols. They are not like the open Windows or SAP, they are closed and proprietary.”
The security challenge ratchets up every day and that means users need to know what and where to protect.
“Sophistication has increased. Viruses have been productized and they are learning how to go after control systems,” said David Zahn, chief marketing officer at PAS and general manager of the new cyber security business unit. “The first thing you do to protect your castle is to build a moat around it. But if you don’t know the assets you have, you don’t know what you have to protect.”
Like the moat analogy, as it stands right now, there is strong perimeter protection in the industrial control market with firewalls, intrusion prevention and anti malware, Habibi said. But at the levels 1 and 0 there is no real protection at the core. For any supplier’s DCS, this is where the proprietary areas of control systems reside, he said.
The need to understand and know what to protect is paramount.
“Proprietary systems don’t have IP addresses, so unless you have visibility into those systems, you can’t really have a total solution,” Habibi said. “Users need to baseline what good looks like and understand what the normal running conditions are.”
By understanding what the user has and ensuring a safer and secure environment, that will mean the system will be operating smoother and more efficiently.
“If you focus on safety and security that will improve reliability,” Habibi said. “We have been doing configuration management for a long time, we are adding cyber security capabilities to round it out.”
PAS has worked in the cyber security space for years, so this new unit and the Cyber Integrity release is the next step in their evolution in that area.
PAS implemented a multi-layered security architecture that includes its Cyber Integrity software to protect critical control assets and address compliance requirements. It automates internal and regulatory compliance reporting while reducing associated efforts by up to 90 percent.
Cyber Integrity enables industrial companies to:
• Gather and maintain an accurate inventory of cyber assets
• Establish a cyber security configuration management policy
• Manage change by monitoring for unauthorized updates to cyber asset configurations
• Implement a program for system backup and recovery
Understanding and achieving a secure environment means end users have to start thinking about new ways to approach security because the old ways, while effective at one point, just won’t cut it anymore.
“Cyber awareness is there,” Habibi said, “but the solution approach needs education.”