Rob McKeel, vice president of marketing for GE Cisco Industrial Networks, concurred. He said the rules were the same, but they are now strictly enforcing those rules. Now employees and visitors must display proper identification at all times.
Physical Security Methodologies
Most of the companies interviewed use electronic access control, with either magstripe or proximity technology. Some companies use CCTV, and most have either full-time or after-hour guard service. Biometrics products are used in computer rooms, and some labs use palm readers for access.
Companies with multiple facilities aren't always integrated. Invensys Process Systems, based in Foxboro, Mass., is an acquisition company with headquarters in England, but the U.S. arm had purchased companies across the United States. As facilities are consolidated, it will become more realistic to look at integrated access control systems. "At some point in time, we'll integrate all the company's security systems, but for now we just address issues as they come up," said Peter Martin, vice president of Invensys. But, he added, each facility has a security system in place that is commensurate with the level of product development being executed behind closed doors. "At Foxboro, even the executive management of Invensys cannot get in without their Invensys cards." And at one of their software companies, Wonderware, development buildings are in total lockdown to all but the development personnel.
Current Security Issues
Houghton Leroy, director of consulting for enterprise applications at ARC, researches disaster recovery and disaster prevention, including asset management. "People don't understand that they are more vulnerable to inside threats," said Leroy. Companies should ask themselves "what the risks are for the industry we are in and who outside the facility can benefit from (proprietary) information."
E-mail monitoring is growing in the corporate world, and profiling of employees continues to emerge as IT groups monitor the types of sites employees frequent during working hours, according to Leroy. His research findings conclude that the most likely cause of a security breach is in hardware and software failure. The second most likely is internal attack from employees.
"Development areas should be locked with keypads and accessed only by authorized employees," said Leroy. "Our society loves cards, but I don't think they are as practical, because people lose cards." He emphasized that the extra care given to securing R&D areas "creates a mindset and an awareness to employees that this area is secure."
Wireless networking may well be the wave of the future for manufacturing plant systems, but it still has some drawbacks. The legacy automation networks of the '80s do not support IP, which is central to remote functionality, according to Chantal Polsonetti, vice president of strategic consulting at ARC. Manufacturing companies who are looking at wireless encryption protocol (WEP) will find that the value proposition includes cost, ease and flexibility of installation, mobility and productivity. However, wireless LANs that run on IEEE 802.11b (Wi-Fi)-the current dominating wireless solution-compete with Bluetooth (the new technology standard that uses short-range radio links), causing interference.
IEEE 802.11b and ultimately 802.11a will replace automation LANs, control level networks, fieldbuses and possibly sensor/actuator wiring, according to Polsonetti. But the problems lie in the fact that devices still need a power source, the cost of wireless is still high, and there are still issues regarding the unknowns, including electromagnetic interference and the effects of sunspots. Polsonetti predicts that "wireless networks will continue to win new applications, and both Ethernet and wireless networks must be intelligently implemented and isolated from competing traffic."
"Many companies don't recognize the security issues," McKeel said. "There are security configurations within the wireless hardware, but many people don't properly enable the security features. Proper configuration based on 802.1x or other wireless security standards is critical."