March 2019

| 30 | March 2019 www.smartmachinesandfactories.com | SOLUTIONS | distributed and increasingly open. To be successful the defence strategy against cyber- attack must be seen in a holistic way and needs to happen at all levels of the enterprise. This must start at the plant level and automation equipment manufacturers must look to build in security as a natural part of the design process. For instance, PLCs (programmable logic controllers) need to include multiple embedded features such as hardware security keys and multi-layer password structures. Use of hardware security key authentication prevents programs from being opened or edited on unapproved personal computers that have not been “bound” to the security key. PLC CPUs can also be paired to the security key and programs will not run unless this hardware match exists. This also has the benefit of protecting the intellectual property of the control system. Additionally, IP filtering should be used to register the IP addresses of devices approved to access each PLC or HMI (Human Machine Interface). This makes unauthorised access much more difficult. Whilst end users will want maximum security; they will also continue to insist on simplicity of operation. Some of these automation security measures, all of which are optional, could be argued to complicate operations and that is why a holistic view of security needs to be taken, considering all aspects of the operation. It may be that in some areas, some measures can be relaxed for the sake of continued operations and this is fine provided that the risk has been assessed and counter measures are implemented elsewhere to alleviate the threat. As with everything related to cyber-security the consideration has to be probability and risk, security and operational systems should be designed around these important criteria. It is probably an unchangeable aspect of the human condition that some people will always seek unauthorised access to control systems. Therefore, manufacturers and control engineers must build security measures into their products and systems and recognise that these are surmountable hurdles rather than impregnable barriers, so must be constantly renewed and redeveloped.