Managing user access in the manufacturing environment, especially at the plant level, is tricky. Unique machinery and production requirements call for specific skills and infrastructure that may not be supported centrally by corporate managers. This means that many plants must operate as independent sub-businesses within a larger corporation. Thus, governance and control of critical plant infrastructure and machinery is subject to the skills and expertise of plant management rather than a corporate governance committee. Naturally, for plant management, production takes priority over security. So if you are evaluating a manufacturing facility, here are a few things to consider around managing logical access.
An Inventory of Plant Level IT Components
From an IT perspective, manufacturing facilities aren’t much different from the corporate environment in that you should expect to find most of the same infrastructure. Here’s a quick list of the things you should expect:
- PLC (Programmable Logic Controller) Components
- IT Infrastructure (servers, switches, routers, UPS)
- Software (databases, applications, configuration files)
Connected or Off-the-Grid
In general, most plant-level environments are either connected, meaning they are joined to the corporate network and/or the internet at large, or they are off-the-grid, meaning they are not connected to the corporate network or the internet and operate as a stand-alone network. Each comes with its own set of challenges and risks.
Connected – Connected plant-level networks and PLCs operate similarly to most applications in that user access can be controlled via Active Directory or any enterprise-level access control system. This standardizes user management and allows enterprise-level IT to support plant-level operations. For many large, mature, or standardized organizations this is the preferred method. However, being connected to the network at large presents risks that some organizations are not willing to accept.
For example, many plant facilities operate older or extremely customized PLC systems. These types of systems and their infrastructure cannot be updated or patched regularly, so they become vulnerable to viruses or cyber-attacks. If a plant facility produces proprietary or combustible materials, the risk of theft or physical damage far outweighs the benefit of a connected environment. These facilities may opt to stay “off-the-grid”.
Off-the-Grid – Facilities that choose to disconnect completely from the network at large must operate autonomously. This often requires plant facilities to employ local IT/engineer support (or go without) and find unique ways to manage access to the PLC and related infrastructure. If a facility opts to disconnect there are a few key risk considerations:
- Patches and updates to IT infrastructure may be outdated or must be applied manually,
- Access to systems is managed locally and subject to local policy only, and
- Inadvertent or temporary connection to the internet presents enhanced risk and must be carefully managed (always check for rogue access points).
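The rogue access point check mentioned above is easy to make repeatable. The following is an added example (not code from the original post): it parses a scan export in the layout of the Windows `netsh wlan show networks mode=bssid` command and flags any access point whose BSSID is not on the plant's documented allowlist, or that uses open authentication. The scan text and the `APPROVED_BSSIDS` allowlist are constructed samples; on a real engagement you would paste in the actual scan output and the plant's own AP inventory.

```python
import re

# Constructed sample in the layout of `netsh wlan show networks mode=bssid`.
# Two networks are visible: one plant-approved, one unknown and open.
SAMPLE_SCAN = """\
Interface name : Wi-Fi
There are 2 networks currently visible.

SSID 1 : PlantOps
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    Encryption              : CCMP
    BSSID 1                 : 00:11:22:33:44:01
         Signal             : 80%
         Channel            : 6

SSID 2 : TP-LINK_Setup
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : None
    BSSID 1                 : 66:77:88:99:aa:bb
         Signal             : 55%
         Channel            : 11
"""

# Hypothetical allowlist: BSSIDs of access points the plant has documented.
APPROVED_BSSIDS = {"00:11:22:33:44:01"}

SSID_RE = re.compile(r"^SSID \d+ : (.*)$")
FIELD_RE = re.compile(r"^\s+(Authentication|Encryption|BSSID \d+|Signal|Channel)\s+: (.*)$")


def parse_scan(text):
    """Return one dict per BSSID seen, carrying the SSID block's auth/encryption."""
    networks = []
    current = None
    for line in text.splitlines():
        m = SSID_RE.match(line)
        if m:
            # A new SSID block starts; BSSID lines that follow belong to it.
            current = {"ssid": m.group(1).strip(), "auth": None, "encryption": None}
            continue
        m = FIELD_RE.match(line)
        if not m or current is None:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "Authentication":
            current["auth"] = value
        elif key == "Encryption":
            current["encryption"] = value
        elif key.startswith("BSSID"):
            # netsh prints Authentication/Encryption before the BSSID lines,
            # so the block's auth settings are known by this point.
            networks.append({**current, "bssid": value.lower()})
    return networks


def find_rogue_aps(text, approved):
    """List (ssid, bssid, reason) for every AP that is unapproved or open."""
    findings = []
    for net in parse_scan(text):
        reasons = []
        if net["bssid"] not in approved:
            reasons.append("BSSID not on approved list")
        if net["auth"] == "Open":
            reasons.append("open authentication")
        if reasons:
            findings.append((net["ssid"], net["bssid"], "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for ssid, bssid, reason in find_rogue_aps(SAMPLE_SCAN, APPROVED_BSSIDS):
        print(f"ROGUE? {ssid} ({bssid}): {reason}")
```

Matching on BSSID rather than SSID matters: a rogue device can broadcast the same network name as the plant's approved AP, so the allowlist should hold the hardware addresses recorded when the approved APs were installed.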
PLC Access Considerations
The PLC contains the specific instructions that make the machinery on the plant floor do work. Because plant operations and production factors can vary widely from plant to plant, the PLC is generally the most nuanced and arguably the most critical component of plant operations. Here are a few considerations when evaluating user access:
Owned by the Plant Engineer – The PLC and related access is probably owned and controlled by the plant engineer, not by IT. In fact, the plant engineer(s) may be the only individuals with access to the PLC. Because the engineer’s primary function is plant operations (not IT best practices or security), consultants should focus on security and access risks.
PC Level Access – From my experience, engineers gain access to the PLC via a stand-alone PC or laptop. Here are a few common issues I find:
- The PC is typically in the engineers’ office (not physically secure), and
- A shared administrative account on the PC is used to access the PLC program.
Luckily, these issues can be resolved by setting up unique accounts for each engineer and using the PC as a thin client rather than a stand-alone device.
Server Level Access – I have found that backend IT infrastructure related to the PLC is often managed by plant engineers as well. From a consulting perspective it is worth your time to investigate the access controls and health of the server itself. From my experience, engineers tend to “make it work” rather than implementing measures in a secure fashion. That means that everyone on the server is usually an administrator.
Here are a few frequent recommendations related to access control:
- Scan for wireless networks and verify that access to the PLC is limited to appropriate individuals,
- Use a thin client PC to manage the PLC (and/or find a good backup solution),
- Verify that access to all IT infrastructure is limited to appropriate individuals,
- If engineers share a PC to manage the PLC, create unique user and administrative accounts for each user, and
- Create unique user and administrative accounts at the server level.
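The PC-level and server-level findings above (a shared administrative account, everyone an administrator) and the recommendations to create unique accounts per engineer come down to one review: who is in the local Administrators group, and does each member map to a named person? The following is an added example (not code from the original post) that parses the output of the Windows `net localgroup Administrators` command and sorts members into named engineers, shared or generic logins, and accounts nobody on the roster claims, and also lists engineers who still have no account of their own. The group listing and the `ENGINEER_ACCOUNTS` roster are constructed samples, and the generic-name pattern is an assumption you would tune to the plant's naming conventions.

```python
import re

# Constructed sample in the layout of `net localgroup Administrators`,
# as it might look on a shared PLC engineering workstation.
SAMPLE_ADMINS = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
PLCENG
jsmith
rdoe
PLANT\\tcontractor
The command completed successfully.
"""

# Hypothetical roster: each engineer who legitimately needs PLC access,
# keyed by the unique account they should be using.
ENGINEER_ACCOUNTS = {"jsmith": "J. Smith", "rdoe": "R. Doe", "kwong": "K. Wong"}

# Names that signal a shared or built-in login rather than a person.
# Assumed patterns; adjust to the plant's naming conventions.
GENERIC_NAME_RE = re.compile(r"^(administrator|admin|plc\w*|eng\w*|operator|guest)$", re.I)


def parse_localgroup(text):
    """Return the member names listed between the dashed rule and the footer."""
    members = []
    in_members = False
    for line in text.splitlines():
        if line.startswith("---"):
            in_members = True
            continue
        if not in_members:
            continue
        if line.startswith("The command completed"):
            break
        if line.strip():
            # Domain members print as DOMAIN\user; keep only the account name.
            members.append(line.strip().split("\\")[-1])
    return members


def review_admins(text, roster):
    """Classify each local administrator against the engineer roster."""
    report = {"named_engineers": [], "shared_or_generic": [],
              "not_on_roster": [], "missing_account": []}
    seen = set()
    for name in parse_localgroup(text):
        seen.add(name.lower())
        if GENERIC_NAME_RE.match(name):
            report["shared_or_generic"].append(name)
        elif name.lower() in roster:
            report["named_engineers"].append(name)
        else:
            report["not_on_roster"].append(name)
    # Engineers who share a login today and have no unique account yet.
    report["missing_account"] = sorted(a for a in roster if a not in seen)
    return report


if __name__ == "__main__":
    for category, names in review_admins(SAMPLE_ADMINS, ENGINEER_ACCOUNTS).items():
        print(f"{category}: {', '.join(names) or '-'}")
```

Run the same review against the PLC server's Administrators group and against the workstation: the goal is that every remaining administrator is a named person on the roster, the shared login is retired once each engineer has a unique account, and accounts that belong to nobody on the roster are explained or removed.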