DATA SECURITY CONSIDERATIONS IN MODERN AUTOMATION
NETWORKS
Mikko Salmenper
¨
a
Tampere University of Technology, Institute of Automation and Control
P.O. Box 692, FIN-33101 Tampere, Finland
Jari Sepp
¨
al
¨
a
Tampere University of Technology, Institute of Automation and Control
P.O. Box 692, FIN-33101 Tampere, Finland
Keywords:
Data security, increasing complexity, automation services support systems, automation networks, security,
telecommunication networks.
Abstract:
The automation manufacturing business has reached its turning point and manufacturers are forced to create
new business areas. Their expertise about field devices will be the source for future growth of automation
industry. This includes monitoring, maintenance, data analysis and process tuning which all require good
remoting capabilities in order to be successfully and cost efficiently applied as a service for production plants.
This trend builds new challenges for automation services support systems. They are forced to adapt into
global business model where customers utilise network connections from old modem lines into modern mo-
bile communication networks. ”Information is power” therefore securing production and other process related
information systems in modern automation networks is becoming a necessity. The resent headlines have
proven that automation systems are becoming more vulnerable with the inclusion of standard office and Inter-
net technologies into the automation networks. The only way to meet the security challenges in a global scale
is to build the the connectivity using secure-by-desing methodology.
1 INTRODUCTION
The current trend for modern automation systems
is increased use of networking on all levels of
plant. Fieldbusses provide plant floor level network-
ing reaching to individual field devices. Industrial
ethernet solutions integrate each fieldbus island into
distributed and at the same time centrally controlled
automation system. Emerging solutions for auto-
mated monitoring and optimisation of field devices,
process state and higher level functions such as en-
terprise resource management require more informa-
tion to be extracted directly and continuously from the
automation system. There is also increasing need to
be able to access all of this newly available informa-
tion remotely by for instance subcontractor providing
maintenance for field devices or process optimisation.
The increasing complexity of the automation net-
works requires a new thinking in security related is-
sues. The mixed usage of intranet, extranet and inter-
net without the full understanding of the required se-
curity considerations often results in achieving head-
lines in local and more often global news. Data secu-
rity is requirement for prevention of information loss,
spying or improper use of automation system. The
saying ”Information is power” is clearly applicable to
automation related businesses.
The main security threat comes from the same
fact as the biggest benefits, integration of different
services and systems via protocols common in to-
days Internet. This means that the security problems
common to Internet are also present in the automa-
tion networks. It means that most of the methods
used to provide data security in Internet are applica-
ble to automation environment. However, the End-
to-End security from field device to automation ser-
vices support systems or end user cannot be found
in any available study although standardisation or-
ganisations have done considerable work on the area
(Webb and et. al., 2004).
This paper presents architecture of a modern au-
tomation network and studies possibilities to imple-
ment reasonable level of security in it. Common
threats to data security in Internet that can also be
applied to modern automation environment are also
briefly discussed.
279
Salmenperä M. and Seppälä J. (2004).
DATA SECURITY CONSIDERATIONS IN MODERN AUTOMATION NETWORKS.
In Proceedings of the First International Conference on Informatics in Control, Automation and Robotics, pages 279-282
DOI: 10.5220/0001141602790282
Copyright
c
SciTePress
2 MODERN AUTOMATION
NETWORK STRUCTURE
Automation networks inside a plant are rapidly evolv-
ing. The increased data throughput capabilities of
fieldbusses and the added intelligence in the field de-
vices themselves provide a foundation on which a
new business model can be build. In this model the
plant outsources certain routine tasks that support pro-
duction e.g. plant maintenance or process optimiza-
tion. The new service providers who take on a respon-
sibility of particular task in several plants, even on a
global scale, base their business heavily on telecom-
munication. By remotely monitoring of automation
systems state and various other information systems
present at plants, they can optimize usage of materials
and personnel and consentrate know-how into service
centers.
Figure 1: Automation services support system.
Modern automation network has three feature re-
quirements which are connectability, message trans-
fer reliability and loose connectivity. Connectability
means interfaces to the various systems. This can be
achieved by using messaging and messages within the
system that are based on open standards such as XML
and SOAP (Haavisto, 2001). The Second requirement
is message transfer reliability. All message chains in-
side, as well as to and from, the system must be re-
liable and traceable. There are message types that
must not be lost under any circumstances. The basis
of messaging reliability comes in the form of Mes-
sage Oriented Middleware (MOM) (Kero, 2004) or
products that offer similar functionality. The last but
not least requirement is loose connectivity. In modern
distributed automation environments customer sites
and service providers must not have permanent con-
nection dependencies. Also dynamic binding of ser-
vices must not occur i.e. you cannot use static IP ad-
dresses in any referencing to services as the address
spaces tend to change every now and then.
Figure 1 depicts a rough design of how monitoring
could be done. In 1 the service center is loosely con-
nected to the customer sites and MOM is used as a
backbone of all monitoring operations on the factory
and global scale. This kind of a common framework
is the essential part of the future automation network.
Security is not a feature requirement - it must be a
integrated part of the system (Nikunen et al., 2001).
The security is can be divided into three areas: inter-
nal, external and devices and services. The last on is
actually a subset of the internal security area but is
mentioned as separate because of the different nature
of the devices and services. The main purpose of the
implementation of security is to prevent any unautho-
rised or improper access to services and to provide
a trace both authorised and unauthorised accesses or
access attempts.
2.1 TRENDS IN NETWORKED
AUTOMATION
The evolving plant automation has resulted in multi-
protocol solutions. The Industrial Ethernet is spread-
ing although it has a major problem - it is not a
standard rather a collection of incompatible solutions.
This seems to be the trend in the fieldbus area. How-
ever, there is also a trend to use an IP based moni-
toring in automation. Some manufacturers have al-
ready built switches which operate simultaneously as
a traditional fieldbus device and as an IP enabled de-
vice. Since automation field is much slower in adapt-
ing new technologies it can be safely stated that mul-
tiprotocol environments will be the solution for today
and for the next five to ten years.
The IP protocol is the source for the most of secu-
rity problems. The traditional automation protocols
are usually not routable and there is a lot less ready
made tools for making hacking programs. Without
any doubt the biggest problem come from the fact that
IP is the protocol for Internet. Anyone can easily find
simple and effective tools for hacking into IP based
networks. However, since the IP is everywhere and
its importance is ever growing, a safe assumption is
that automation protocols - most of them anyway -
will be routed on top of the IP in the future.
Most of the automation specific protocols are also
such that there is no security at all. This is under-
standable since they were designed for use in closed
systems. This means that the security issues must be
dealt with on the IP level of the automation network.
The actual security problem is not running traditional
protocols on the top off the IP. The problem is bring-
ing the IP to the factories.
Business in manufacturing of the automation
equipment is not growing so the growth must be found
somewhere else. Since the common nominator of
many business areas is outsourcing the obvious new
ICINCO 2004 - INTELLIGENT CONTROL SYSTEMS AND OPTIMIZATION
280
area for automation manufacturers is to sell their au-
tomation systems expertise. This consists of main-
tenance, diagnostics, analysis and tuning (Helanter
¨
a
et al., 2004). There are usually a few experts on cer-
tain area and they are more and more mobile in global
scale. Also the customers with their subsidiaries op-
erate globally and are required to interconnect the of-
fices and plants to enable more accurate business tun-
ing. This brings new challenges also to the automa-
tion services support systems (ASSS).
Automation services support system have to cope
with many different type of network connections. The
most challenging part are the mobile connections due
to their unreliable and nondeterministic nature. Al-
though the connection to plant is rarely implemented
with mobile technologies the devices or device grids
are becoming more and more mobile. The ability to
take the mobile equipment into remote diagnostics
services will be strong asset in the future. The mo-
bility however will bring a totally different problem
area to normally local area network (LAN) based au-
tomation.
3 SECURITY THREATS
There are several different types of security treats that
must be taken into account when considering the data
security of the automation network. Valid users them-
selves are the most common threat any computer sys-
tem has. Intentional or unintentional misuse of com-
puter systems occurs commonly in every day opera-
tion. The system must also be fortified against unau-
thorised or improper use. This means that each user
has strictly defined role in the automation system,
and is only allowed to execute operation that corre-
spond to this role. Outside access, meaning access
from Internet, is also necessary to implement flexi-
ble operating environment for subcontractors and ser-
vice providers participating in plants production and
upkeep. However this access must be very care-
fully evaluated and controlled as any unauthorised use
could lead into catastrophic consequences e.g. loss or
theft of valuable information, process malfunction or
worse. Computer viruses create a whole new type of
data security threat. They can compromise even the
best of security, by executing code that allows unau-
thorised access by some third party. The complete
security analysis in networked automation is beyond
this paper. More complete study of the are can be
found in (Nikunen, 2001).
4 FEASIBLE SOLUTIONS –
PERVASIVE-UBIQUITOUS
SECURITY
Security design in automation network requires above
all careful thinking. The challenges come from vari-
ous, mostly quite old, field devices. Users and mod-
ern intelligent devices are usually not a problem since
they have the necessary computing power and inter-
faces.
Layered security architecture is the obvious choice.
This causes some overlapping security in some parts
but ensures that also the least capable devices are pro-
vided reasonable security. This also provides extra
security, if one layer is breached the second layer will
hold at least long enough that no important informa-
tion is lost. In practice this means securing data in
message level (OSI model: application layer) as well
as in TCP/UDP and IP levels (OSI model: transport
and network layers). Message level security with tra-
ditional field devices requires deployment of security
hubs. The main function of these hubs is, in addition
to converting oldish protocols to IP based routable
protocols, is to include the security into the commu-
nication by securing the messages. This implemen-
tation will bring in extra costs but reduces the total
cost compared to renewing all field devices into more
capable ones.
Solution to reasonable security can be achieved by
existing technologies. It is tools and ready made so-
lutions that lacking at the moment. Basis of almost
any security mechanism is identity. Without identify-
ing all entities participating in operation of a system,
we cannot enforce security. In its simplest this means
that we must know who the user, service or device is
in order to be able to make proper authorisation deci-
sions, encryption key selection and proper logging of
events occurring in the system.
Logging of security events is necessary because of
several reasons. It can be used to detect improper use
of the system by authorised personnel before secu-
rity or system operation is compromised. Logging
can also be used to track unauthorised use. The sys-
tem can then be reinforced against this particularat-
tack if necessary. This enables evolving security as
new threat are detected. In case of security is ever
breached, security logs can be used to determine crit-
icality of the breach. In fact without logging it may
well be impossible to ever detect some of the most
severe security breaches.
Encryption and signing of data is basic tool for data
security. Encryption protects data against unautho-
rised access and eavesdropping. Signing on the other
hand guarantees that the sender is who he claims to
be. Both of these methods rely on encryptions keys to
achieve their purpose. However they require a feasi-
DATA SECURITY CONSIDERATIONS IN MODERN AUTOMATION NETWORKS
281
ble solution to distribution of these keys. Public key
infrastructure PKI (Diffie and Hellman, 1976) is an
example of such a key distribution method.
PKI in itself is just an architecture, not an imple-
mentation. X509 is probably the most notorious and
widely used implementation of PKI principles. How-
ever it has rather complex and several times extended
specification containing a lot of unnecessary features
for modern automation network. There is an other
PKI based specification, namely Simple Public Key
Infrastructure SPKI (Ellison and et al., 1999). SPKI
provides an effective and flexible way to implement
access control. Example implementation of SPKI
in automation network is introduced in (Salmenper
¨
a,
2000). When compared to X.509 based certificates
SPKI is more light weight and simpler authentication
and authorisation mechanisms.
XML has made easier to transfer information from
one system to another. Still, as in may cases before,
security issues were not included in design from the
start. XML in the beginning was just a base on which
to build applications. W3.org with help of many other
organisations and companies has improved the secu-
rity by introducing XML Security (W3.org, 2001a)
and XML Signature (W3.org, 2001b) frameworks.
These has enabled building of open secure remote
procedure calls and messaging. Good example of
combination of these is Secure Web Services (IBM,
2002). However, these do not solve the problem of
key management which still remains mostly a propri-
etary implementation.
5 CONCLUSION
Despite of security threats and unsolved problem with
feasible solution for AAA problem networked au-
tomation by support services can be achieved even
with current technology. The requirements in short
are 1) common sense and 2) inclusion of secure think-
ing in automation network design.
Mobility will bring new challenges to automation
services support systems. The unreliable nature of
mobile link in both access and security areas must
be taken into account in the design of communica-
tion. Only secure-by-design is sufficient enough for
mobile environments. Enforcement of best practices
and policies are requirement for minimising the unre-
liable human factor.
Successful implementation of security is always
based on standards. Standards define common termi-
nology and enables change of tools if nessessary. Use
of open formats are the key to inclusion of all field
devices into the automation service support system.
XML based messages and Message Orienter Middle-
ware are building blocks for modern automation sys-
tem and they form a framework that can be applied
inside factories and scale well to global analysis and
maintenance service applications.
REFERENCES
Diffie, W. and Hellman, M. (1976). New directions of cryp-
tography. In IEEE Transactions of Information The-
ory, pages 644– 654.
Ellison, C. and et al. (1999). SPKI re-
quirements, rfc2692 and rfc2693.
http://search.ietf.org/rfc/rfc269[2—3].txt; accessed
February 27, 2004.
Haavisto, H. (2001). .NET messaging techniques in con-
dition monitoring network. Master’s thesis, Tampere
University of Techonology, Automation Department.
In Finnish.
Helanter
¨
a, H., Salmenper
¨
a, M., and Koivisto, H. (2004).
Implementing MATLAB
R
° based analysis services in
global condition monitoring system. Submitted for
ICINCO 2004.
IBM (2002). Web services secu-
rity (WS-Security). http://www-
106.ibm.com/developerworks/webservices/library/ws-
secure/; accessed February 27, 2004.
Kero, J. (2004). Advanced messaging in enterprise scale
maintenance system. Master’s thesis, Tampere Uni-
versity of Techonology, Automation Department.
Nikunen, J. (2001). Security considerations on wide area
networking industrial solutions. Master’s thesis, Tam-
pere University of Techonology, Automation Depart-
ment.
Nikunen, J., Salmenper
¨
a, M., and Koivisto, H. (2001).
Global condition monitoring network. Automa-
tion2001.
Salmenper
¨
a, M. (2000). E-speak in enterprise scale con-
dition monitoring network. Master’s thesis, Tampere
University of Techonology, Automation Department.
W3.org (2001a). XML Encryption.
http://www.w3.org/Encryption/;accessed Febru-
ary 27, 2004.
W3.org (2001b). XML Signature.
http://www.w3.org/Signature/;accessed February
27, 2004.
Webb, B. and et. al. (2004). Integrating electronic security
into the manufacturing and control systems environ-
ment. Technical Report ISA-TR99.00.02-2004, The
Instrumentation, Systems, and Automation Society.
ICINCO 2004 - INTELLIGENT CONTROL SYSTEMS AND OPTIMIZATION
282