Changes in factory automation run the risk of exposing existing equipment to security breaches, some potentially serious.

The industrial Internet of things (IIoT) promises to revolutionize manufacturing systems. To implement the IIoT, IP addresses are assigned to controllers and sensors throughout the factory. This enables devices to communicate with each other and take self-determined actions based upon data about the status of all of these elements.

Industrial security may be more important than ever. Credit: Rockwell Automation

In addition, large amounts of performance information can be shared with factory managers and enterprise personnel. While this brings the hoped-for promise of improvements in productivity and intelligence, it also increases the danger of damage in the event of security breaches.

A Rockwell Automation blog offers three reasons for keeping security products and policies current.

First, a major point of vulnerability exists when converging already existing systems over standard Ethernet and IP networks. The blog says that this exposes outdated, unprotected systems to disruption from a wide variety of sources.

Plant managers tend to be reluctant to add security updates to already functioning systems. They worry about the cost of such changes and the disruption of schedules. However, a security breach due to unsecured equipment can cause unplanned downtime, costly damage to machines and products, and a black mark against a company's reputation.

The point at which the decision has been made to migrate a traditional industrial control system network to a standard Ethernet and IP network is the time to take action, the blog says. A networks and security specialist should be brought in to assess the system for possible vulnerabilities and help design and implement a secure network architecture.

A joint venture between Rockwell Automation and Cisco has developed Deep Packet Inspection (DPI) as part of an industrial firewall. This tool enables plant personnel to assign granular security policies within the industrial firewall to guard against unwanted intrusions.

Second, the blog says that plants are being managed across multiple sites, with a mixture of new and old equipment, by people with different levels of access permissions. This increases the chance not only of potentially malicious attacks but also of errors accidentally committed by internal personnel.

Third, the blog says that precautions must be taken from the enterprise level all the way down to the devices on a machine. Adding an industrial firewall to the lowest levels of a plant's network architecture may help prevent malicious traffic between devices and provide protection against unintended configuration changes.