20 Jul

Managing User Access in the Manufacturing Environment


Managing user access in the manufacturing environment, especially at the plant level, is tricky. Unique machinery and production requirements call for specific skills and infrastructure that may not be supported centrally by corporate IT. This means that many plants must operate as independent sub-businesses within a larger corporation. Governance and control of critical plant infrastructure and machinery is therefore subject to the skills and expertise of plant management rather than a corporate governance committee, and for plant management production naturally takes priority over security. So if you are evaluating a manufacturing facility, here are a few things you should consider around managing logical access.

An Inventory of Plant Level IT Components

From an IT perspective, manufacturing facilities aren’t much different from the corporate environment in that you should expect to find most of the same infrastructure. Here’s a quick list of the things you should expect:

  • PLC (Programmable Logic Controller) Components
  • IT Infrastructure (servers, switches, routers, UPS)
  • Software (databases, applications, configuration files)

Connected or Off-the-Grid

In general, most plant-level environments are either connected, meaning they are joined to the corporate network and the internet at large, or off-the-grid, meaning they are not connected to the corporate network or the internet and operate as a standalone network. Each comes with its own set of challenges and risks.

Connected – Connected plant-level networks and PLCs operate similarly to most applications in that user access can be controlled via Active Directory or any enterprise-level access control system. This standardizes user management and allows enterprise IT to support plant-level operations. For many large, mature, or standardized organizations this is the preferred method. However, being connected to the network at large presents risks that some organizations are not willing to accept.

For example, many plant facilities operate older or extremely customized PLC systems. These types of systems and their supporting infrastructure cannot be updated or patched regularly, so they remain vulnerable to viruses or cyber-attacks. If a plant facility produces proprietary or combustible materials, the risk of theft or physical damage far outweighs the benefit of a connected environment. These facilities may opt to stay “off-the-grid”.

Off-the-Grid – Facilities that choose to disconnect completely from the network at large must operate autonomously. This often requires plant facilities to employ local IT/engineering support (or go without) and find their own ways to manage access to the PLC and related infrastructure. If a facility opts to disconnect, there are a few key risk considerations:

  • Patches and updates to IT infrastructure may be outdated or applied manually,
  • Access to systems is managed locally and subject to local policy only, and
  • Inadvertent or temporary connection to the internet presents heightened risk and must be carefully managed (always check for rogue access points).

PLC Access Considerations

The PLC contains the specific instructions that make the machinery on the plant floor do work. Because plant operations and production factors can vary widely from plant to plant, the PLC is generally the most nuanced and arguably the most critical component of plant operations. Here are a few considerations when evaluating user access:

Owned by the Plant Engineer – The PLC and access to it are probably owned and controlled by the plant engineer, not by IT. In fact, the plant engineer(s) may be the only individuals with access to the PLC. Because the engineer’s primary function is plant operations (not IT best practices or security), consultants should focus on security and access risks.

PC Level Access – In my experience, engineers gain access to the PLC via a standalone PC or laptop. Here are a few common issues I find:

  • The PC is typically in the engineers’ office (not physically secure), and
  • A shared administrative account on the PC is used to access the PLC program.

Luckily, these issues can be resolved by setting up unique accounts for each engineer and using the PC as a thin client rather than a standalone device.

Server Level Access – I have found that the backend IT infrastructure related to the PLC is often managed by plant engineers as well. From a consulting perspective, it is worth your time to investigate the access controls and health of the server itself. In my experience, engineers tend to “make it work” rather than implement measures in a secure fashion. That means that everyone on the server is usually an administrator.

Typical Recommendations

Here are a few frequent recommendations related to access control:

  • Scan for wireless networks and verify that access to the PLC is limited to appropriate individuals,
  • Use a thin client PC to manage the PLC (and/or find a good backup solution),
  • Verify that access to all IT infrastructure is limited to appropriate individuals,
  • If engineers share a PC to manage the PLC, create unique user and administrative accounts for each user, and
  • Create unique user and administrative accounts at the server level.
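The last three recommendations come down to one question a reviewer can answer quickly on each engineering PC or PLC server: who is actually in the local Administrators group, and are any of those accounts shared? The script below is an added example, not code from the original post. It parses the text printed by the Windows command `net localgroup Administrators` (the sample output is constructed for illustration) and flags role-based or shared account names, domain groups whose membership is managed elsewhere, and an administrator count above a threshold. The list of generic names and the threshold are assumptions to tune per site.

```python
"""Audit local Administrators membership on a PLC engineering PC or server.

Added example, not from the original post. Parses the output of the Windows
command `net localgroup Administrators` and reports shared/generic accounts,
nested domain principals and over-broad membership.
"""
import re

# Constructed sample of `net localgroup Administrators` output from a shared
# engineering PC where everyone has been made an administrator.
SAMPLE_OUTPUT = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
engineer
plc
jsmith
mlee
PLANT01\\Domain Admins
The command completed successfully.
"""

# Account names that look role-based or shared rather than tied to one person.
# Assumed list: extend it with the site's own naming conventions.
GENERIC_NAMES = {
    "administrator", "admin", "engineer", "engineers", "plc", "operator",
    "maint", "maintenance", "guest", "user",
}


def parse_members(output: str) -> list[str]:
    """Return the member entries that follow the dashed separator line."""
    members = []
    in_members = False
    for line in output.splitlines():
        if re.fullmatch(r"-{5,}", line.strip()):
            in_members = True          # everything after the dashes is a member
            continue
        if not in_members:
            continue
        if line.startswith("The command completed"):
            break                      # trailer line, end of the list
        if line.strip():
            members.append(line.strip())
    return members


def is_generic(account: str) -> bool:
    """True when the account name (without DOMAIN\\ prefix) is on the shared list."""
    name = account.split("\\")[-1].lower()
    return name in GENERIC_NAMES


def audit_admins(output: str, max_admins: int = 2) -> dict:
    """Summarize the findings a reviewer would raise for this machine."""
    members = parse_members(output)
    generic = [m for m in members if is_generic(m)]
    # Entries with a backslash are domain principals; a domain group nested
    # here means the real membership is decided outside the plant.
    domain_principals = [m for m in members if "\\" in m]
    return {
        "members": members,
        "generic_accounts": generic,
        "domain_principals": domain_principals,
        "too_many_admins": len(members) > max_admins,
    }


if __name__ == "__main__":
    report = audit_admins(SAMPLE_OUTPUT)
    print(f"{len(report['members'])} administrators on this machine")
    for acct in report["generic_accounts"]:
        print(f"  shared/generic admin account: {acct}")
    for acct in report["domain_principals"]:
        print(f"  domain principal (membership managed elsewhere): {acct}")
    if report["too_many_admins"]:
        print("  more administrators than the agreed threshold")
```

To use it on a real machine, redirect the command output to a file (`net localgroup Administrators > admins.txt`) and pass the file contents to `audit_admins`. Each generic entry is a candidate for replacement with a named account per engineer, which is the recommendation above; the count check catches the “everyone is an administrator” pattern on the server.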

3 thoughts on “Managing User Access in the Manufacturing Environment”

  1. Christian,
    When I was in the manufacturing section, the following 4 items drove me nuts:
    1) Every machine on the plant network could also access any part of the office network (headquarters). Most of those machines did not need that access and it should have been segregated better. We got a few viruses coming off the plant floor as people surfed the Internet (which incidentally they did not have a business purpose for).

    2) None of the machines ran antivirus. Everyone said it would kill the timing between the machines, and they had to stay in perfect sync. A simple test held during a holiday when no shifts were running proved it didn’t matter. I got AV installed and had no problems, and it substantially reduced the virus problem (surprise!).

    3) Shared IDs, so you could never tell who did what, or who goofed. I never won that battle. The cons outweighed the pros, which happens occasionally, and I don’t argue with common sense in such cases. In one of my blog posts, I noted one plant manager wrote the common password on a sign with letters that were 3 feet high. No exaggeration.

    4) Anytime one of the PCs that ran the machines or assembly line was down, the whole line was down, meaning thousands of dollars wasted until we got the machines back up. Usually a hard drive would die or someone would do something wrong, and screw up the configuration of the system.

    Of course, these systems were off the grid, which meant we could not back them up across the network, or do a restore. And who is going to set up a backup system on the line? It would never survive.

    One of the guys came up with a simple, but effective solution. Since these machines were static and the software seldom changed, AND they all ran the same software, configured identically, my buddy just ghosted (copied, remember that term?) an identical hard drive and installed it in each machine. It was not connected or running.

    Then when a machine went down, all he had to do was to run out, shut down the machine, unplug the old drive and take it out for re-imaging, plug in the new drive, and reboot. He was a hero.

    • Great suggestions! The difficulty, for me at least, with manufacturing facilities is striking that balance between IT practices and being realistic. These guys are focused on production and revenue and probably lack a lot of IT support. So when I do any type of consulting I try to keep that in mind.

      What can I suggest that makes sense and makes the most impact? I guess these are the business risk vs. reward decisions.
