A year ago, the industrial culprit was the Stuxnet computer worm. But suppose another computer worm infects a programmable logic controller (PLC) or a PC that operates the automated equipment in a manufacturing plant. That software infection could travel around the world and cause additional mayhem.
In today’s interconnected world such an unwanted event could be the catalyst for manufacturing calamity, similar to Japan’s devastating tsunami in 2011 or the March 2012 chemical plant explosion in Germany that hampered the world’s supply of polyamide 12.
“Remember, global is part and parcel of our industry,” Michael Robinet, Managing Director of IHS Automotive Consulting, said during Rockwell Automation’s Global Automotive Manufacturing Forum at the Hyatt Regency in Dearborn, MI, May 2.
Jeffrey Smith, Technical Lead for Controls Architecture at American Axle & Manufacturing, is responsible for risk mitigation as it relates to control systems at AAM facilities where driveline and drivetrain components as well as chassis modules for passenger and commercial vehicles are produced. “Securing control systems is an ongoing process, not a finished product,” Smith told his audience.
In a typical enterprise-level network, information technology (IT) specialists have tight control over what gets on the network. But on the factory floor where automated machines rely on control systems, the landscape looks slightly different.
“There are potentially a large number of engineers from outside the organization hard-coding an IP [Internet Protocol] address on their laptop and connecting. The security has to be designed to prevent rogue software introduced on either side—infrastructure or fieldbus—from migrating,” Smith explained to SAE Magazines.
Many of AAM’s 30-plus global facilities use a light-duty industrial firewall wherever there is a PC on the factory floor.
On a Rockwell Automation ControlLogix 5000-based line, there are between 10 and 15 firewalls, “depending on what the line is building and how many gauge PCs there are. On a legacy line pre-2006/2007, there could be as many as 40 PCs,” Smith noted.
AAM’s hardware and software security solution, according to Smith, “can be easily integrated into our existing controls architecture. In fact, it can be added to an existing line in less than half a day with no operational impact to the production line.”
Smith underscored that the AAM approach to risk mitigation—which relies heavily on Secure Crossing’s Zenwall-5 access control module—is not a one-size-fits-all solution.
“The most difficult task is to identify the key needs of your organization in terms of control systems security,” said Smith.
A top priority for embedded control systems at AAM is to protect the etherNet/IP fieldbus from the IT infrastructure and vice versa.
“Enterprise-level IT network traffic is typically heavier in volume [measured in packets per second] than the typical controls edge device can tolerate. Enterprise-level IT networks also have multiple traffic types that wouldn’t be desired on a controls-level fieldbus based on ethernet, such as etherNet/IP,” Smith explained.
For example, Voice over Internet Protocol (VoIP) traffic can cause control devices to behave erratically or simply disconnect from the network.
AAM’s controls system architecture is flexible, scalable, and “was designed in such a way that adding the level of security we believe is achievable doesn’t require a huge change from how we launch production systems,” said Smith.
The control systems security initiative at AAM continues to be rolled out globally to plants in phases as production permits.
Todd Montpas, Automotive & Tire Market Development Manager at Rockwell Automation, said the increasing interconnectivity of control systems offers new benefits. But there are challenges.
“As the pace of control systems and enterprise network architecture convergence accelerates, security depends on staying both flexible and vigilant in successfully controlling as many variables as possible,” said Montpas.
Rockwell Automation takes the position that security needs to be one aspect of a complete, system-level controls solution, according to Montpas, who added that “levels of adequate protection must evolve as vulnerabilities are identified and new threats emerge.”