Factory Security




          AUTOMATED SECURITY ON THE MANUFACTURING FLOOR

     As a Fellow of SME, my interest in technological innovation alerted me to
weaknesses and vulnerabilities never before considered in our shop-floor-based CAM
philosophies.  I learned about computer-based hacking.  I studied the universe of hobbyist
aggression and compared my results to the episodes of chaos in the factory.  Examples
of computer attacks are media history.

Exposures located in shop floor offices and computerized fabrication operations should be
neutralized using commercially available security solutions.  Hands-on users (machinists
and NC programmers) do not take security seriously.  Over and over I heard "That can't
happen to me.  I never go on-line.  No one uses my machine or tapes."  Yet firms
nationwide are plagued with data losses which equate to serious revenue losses.  Common sense
is uncommon among floor-level manufacturing administrators.  Managers and workers do
not anticipate nor believe the threats which abound.  Professional and technical users
alike take for granted that others are backing up data and hard-drive-based applications
to tape, DVD or floppy disks, thereby protecting the software which directs the machines
they use.

NC Manager Bill at a mid-west tool maker had his application software destroyed when he
mistook the "recover" utility for the "restore" command at the DOS (Disk Operating System)
prompt of his NC system.  Bill never found time to read the summary which explained the
effects of typing unfamiliar commands into his computer.  Jeff, at a Boston job shop,
was processing time slips when the power failed.  All the historical information he saved
religiously over the previous month was lost.  He had not thought to input time slips daily
or every second day and back up his work.  His firm, like most, did not have even
rudimentary contingency plans.  Secretary Sarah, working at a DOE lab, had a curious son.
Ted wanted to see what the "format" command did.  He had access to the DOS prompt
because Sarah's corporation, which spends hundreds of dollars each month for fresh cut
flowers in the lobby, never thought to spend money to protect its records from the
unintentionally curious.  A senior programmer at the once premier computer manufacturer
shut down the firm's computer network server when the game he coveted turned out to be
a computer virus hidden within a Trojan horse program.

     Computer security in the fabrication environment is common sense applied in the
work place.  A reasonable individual would not drive his auto without brakes, step into
an open elevator shaft or stand close to the edge of a railroad platform.  He will, however,
take workplace security for granted.  Steve and Mark's job shop in California faces a
lawsuit because copies of their licensed AutoCAD were discovered in use in thirty
separate companies.  Someone traded software.  Their shared network server had three
pirated applications functioning, each of which the partners thought the other had purchased.

     Here are some exposures and solutions which security professionals consider when
applying common sense in the office.  Manufacturing managers should do likewise.

 


     EXPOSURE              SOLUTION

     CURIOSITY             ACCESS CONTROL
                           ENCRYPTION

     PIRACY                ENCRYPTION
                           COPY PROTECTION
                           ACCESS LIMITATION

     HACKERS               BIOS CALL MONITORING
                           OPERATING SYSTEM LIMITATION
                           PERIPHERAL LOCK-UP

     VIRUS                 CHANGE DETECTION
                           SECURE ERASE
                           BACKUP / RECOVERY

     EQUIPMENT FAILURE     DIAGNOSTIC TOOLS
                           BACKUP / RECOVERY

     OPERATOR ERROR        ACCESS LIMITATION
                           MENU MANAGEMENT
                           ON-LINE HELP
                           BACKUP / RECOVERY

     PROGRAMMER ERROR      CHANGE DETECTION
                           BACKUP / RECOVERY
                           ACCESS LIMITATION

     Minimum security must provide platform level features (controls which occur without
the busy user having to be involved) which include:
 
                              access controls,
                              access limitation,
                              copy protection,
                              operating system prohibition,
                              virus detection and
                              auditing.

     ACCESS CONTROLS - Provide an ID and password which authorize the use of the
computer by a specific individual.  An aware department manager will decide and control
the duration of an access code.  Further, he will choose software which allows a person
to "blank" his screen on demand, or automatically if he wanders away and forgets to log off.
Professional software must implement on-demand screen blanking for those times when
the boss orders "Get in here now!"  Encrypted application programs and encrypted data
files stymie access by in-house game players and not-so-nice individuals who bring in
a personal copy of the operating system to bypass machine controls
after hours or on Saturday/Sunday when no one is about.  When the entire plant practices
professional security, interlopers cannot browse files or steal custom application programs.

     ACCESS LIMITATION - Choose security software which limits users to specific
activities, e.g., project management, NC programming, word processing, spreadsheet
construction, etc.  One level of access should include the communications link to a
minicomputer or to a mainframe computer at the division or corporate level.  In most
manufacturing firms you can, once on-line, move to any department within the corporation.
Partitioning data into need-managed segments minimizes access attempts by the curious
who like to press keys or by aggressors actively attempting to know your business.  The
only authorized manner by which to use the microcomputer-to-minicomputer or mainframe
link would require the user to be authorized by the security administrator and to assume
responsibility for his actions.  For the record, most fabricators do not have a person
appointed to manage security outside the DP department.

     COPY PROTECTION - If the software you provide has a serial number the
purchaser is liable for the illegal copies which are spawned from the original copy
functioning upon your computer.  We live in an age of raids by proponents of proprietary
software integrity.  It behooves manufacturers to encrypt their costly applications software.
In this way you assure that proprietary software will function only within the security shell
resident and functioning upon your company's computer.  It is possible to generate a high
quality internal security without corrupting the stored data, newly input data, or programs
generated by your employees.  Those with a need can be authorized to move data on a
DVD or floppy disk while being denied the use of the proprietary software should they
choose to copy that software without permission.

     OPERATING SYSTEM PROHIBITIONS - Unless you limit the use of operating
system commands, a naive, curious or vicious person could destroy expensive computer
software and records, rendering the computer inoperable pending a time-consuming
regeneration of the data and applications lost to ill-use.  It is important to business
profitability that the chosen security package prohibit the use of the operating system
command set.  This option limits vulnerability to corporate spy attacks (industrial
espionage) and minimizes liability for compromising disclosure of company secrets, which
occurs frequently when the unauthorized tap into unsecured machines.

     VIRUS DETECTION - Media hype attributes more success to viruses than is truly
deserved.  BUT, the old adage "better safe than sorry" holds true.  Security should include
the means to identify a viral or other type of software attack upon the work place computer.
Changes to file or program size, creation time, creation date, path from the
root (hard disk entry point), or physical location upon the hard disk and associated floppy
disks should be identified and logged for later review and analysis.  Coordinated and integrated change
monitoring is the only true way to determine if your computer or network has fallen victim
to sophisticated aggression which might be blamed upon a virus.  A person stealing your
proprietary software will cover the initial act by a second act of disruption.

     The means to remove unauthorized modifications should be integrated in the
security system you choose for the factory.  Change detection should be simple and
consistent.  The changes which occur or are attempted must be logged to provide a record
of every attempt to commit an aggressive act against your firm.  You could be sued should
someone claim to be injured by corporate carelessness within your plant.

     AUDITABILITY - An ability to document how the computer was used reduces
operational liability.  Audit trails should: (1) document each action requested (execute
cutting tool program 9102, call file XXXX from disk drive A, etc.), (2) detect changes made
to or attempted upon application software (program AAA.EXE was expanded) and (3)
create a log of missed attempts (show when and from what terminal an unauthorized
individual tries to break in).  Good security provides substantial knowledge and traceability
of how employees tasked to use sophisticated equipment behave.  Minimal audits define
never before considered operational vulnerabilities.

     When fabrication professionals fail to exercise "common sense" concerning the use
of factory computers, strange things occur.  Fast track geniuses become bumbling idiots
when a question such as "What did you do to your machine?" is posed after the system
has crashed and weeks or months of expensive-to-recreate information are lost.  The
famous phrase "NOTHING!  I didn't do anything other than that which I normally do"
becomes the defense mechanism for a Mexican stand-off and the cause of peer tension.
Bad feelings and finger pointing can be avoided if a simple auditing process is included as
an integral part of a manufacturing computer processing system.  Good security
procedures specify the use of software which includes an automatic auditing facility to
provide traceability.  Positive planning using computer-generated activity audit trails will
help to determine if the computer failure was real, a ruse to hide the theft of corporate
secrets or an aggressive attack upon data resources.

     Auditing defines the sequence of steps which occurred prior to a software
application or automated machine failure.  An audit trail defines the operating conditions
resultant from user actions while the user was executing application software.  Properly
documented traceability will eliminate the hard feelings which occur in situations where
failure costs time, resources and reputation.
 
     Blame and finger pointing are irrelevant.  An audit trail will allow a reviewer to follow
the work process and to determine if the procedure which was followed is in agreement
with the company operating manual.  If you do not have a fabrication procedures manual
the audit trail will provide the basis by which to create a manual.   In many cases the audit
does form the basis for a procedure manual which did not exist until the audit was
introduced.  Audit experience will dictate if current operational procedures should be
modified to prevent a problem or its repetition.  Good audit trails assist management in
decisions concerning the most beneficial path to follow to maximize corporate goals.

     Several unique audit trails are necessary to fully understand how and why problems
occurred.  Good auditing trails will identify weaknesses and vulnerabilities which can be
corrected prior to a security dilemma.   The minimum audit trails necessary are:

     A Change Log --  A change log is produced by a detector algorithm which identifies
real differences in the data and executable software from the last time the file/program was
invoked.  The location of the software or data that has been modified will go far in the
determination of whether the failure was accidental, stupid or malicious. 

     Accidental problems are caused when files are updated but not saved or when the
wrong menu choice (most workers use and misunderstand productivity tools) causes
unacceptable output or schedule disruption.  Stupid problems occur when users take short
cuts like ignoring back-up policies or when programmers do not desk check and test their
code prior to a "pressure-caused" application software fix.  Malicious problems are caused
when a virus has infected your computer because someone has acted in an aggressive
manner.

     The Change Log directs focus to Administrator and/or User Logs for further
substantiation of a lapse which can or did trigger a problem.  Failure to include a Change
Log in your security system is, in and of itself, a weakness.  Sobczak's V-PHAGE
integrated small computer and network security was constructed to exploit philosophies of
professional security auditing.  Audit trails are a key feature necessary to assure total
security of manufacturing data.
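The change detector described under VIRUS DETECTION and again under "A Change Log" can be built as a baseline-and-compare routine. This is an added example, not code from Sobczak's V-PHAGE; the file names (AAA.EXE, prog9102.nc) are taken from the text, the directory layout is constructed, and the inode number is used as a stand-in for "physical location upon the hard disk".

```python
import hashlib
import os
import tempfile

# Attributes the text asks the detector to watch: size, timestamps, path from
# the root and physical location. The inode number stands in for "physical
# location upon the hard disk" here (an approximation, not a sector address).
def fingerprint(path):
    st = os.stat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return {"size": st.st_size, "mtime": int(st.st_mtime),
            "ctime": int(st.st_ctime), "inode": st.st_ino, "sha256": digest}

def snapshot(root):
    """Baseline of every file below root, keyed by path relative to root."""
    base = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            base[rel] = fingerprint(full)
    return base

def change_log(old, new):
    """Compare two snapshots and return change-log lines in path order."""
    log = []
    for rel in sorted(set(old) | set(new)):
        if rel not in old:
            log.append(f"ADDED {rel}")
        elif rel not in new:
            log.append(f"REMOVED {rel}")
        else:
            a, b = old[rel], new[rel]
            diffs = [k for k in a if a[k] != b[k]]
            if not diffs:
                continue
            if "sha256" in diffs:
                how = "expanded" if b["size"] > a["size"] else "content changed"
                log.append(f"MODIFIED {rel}: {how} ({', '.join(diffs)})")
            else:
                # Bytes identical but metadata moved: a touched timestamp or a
                # copy put back in place. Still logged for later review.
                log.append(f"METADATA {rel}: {', '.join(diffs)} changed, content identical")
    return log

def demo():
    """Constructed sample tree: take a baseline, tamper with it, then diff."""
    with tempfile.TemporaryDirectory() as root:
        def put(rel, data):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
        put("AAA.EXE", b"MZ" + b"\x00" * 100)               # the text's "program AAA.EXE"
        put("nc/prog9102.nc", b"N10 G00 X0 Y0\nN20 M30\n")  # cutting tool program 9102
        put("time/slips.dat", b"week1\n")
        before = snapshot(root)
        put("AAA.EXE", b"MZ" + b"\x00" * 100 + b"EXTRA")    # program expanded
        os.utime(os.path.join(root, "nc/prog9102.nc"), (0, 0))  # timestamp only
        os.remove(os.path.join(root, "time/slips.dat"))
        put("time/new.dat", b"x")
        return change_log(before, snapshot(root))

if __name__ == "__main__":
    for line in demo():
        print(line)
```

The METADATA line is the case the text warns about: a file whose bytes are unchanged but whose timestamps moved still gets a log entry, because a thief who copies a program and puts it back leaves exactly that trace.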

     An Administrator's Log --  A step-by-step history of the actions taken by the
person charged with responsibility to authorize the use of application software and
sensitive corporate data is mandatory if one is to follow the sequence of occurrences which
caused a crisis.

     Administrator actions require periodic audit to assure that corporate policy and
procedure have not been unintentionally modified.  In many cases the administrator
succumbs to his own subjectivity and interprets policy so as to follow the path of least
resistance while meeting what he perceives to be the spirit of corporate direction.
Research identified internal audit weaknesses that security software for small computing
systems and networks must address.

     Most access control software adds minimal, conceived-after-the-fact audit features
to track active commands.  The audit result is incomplete, as holes in the step-by-step
"what happened" audit trail occur when software applications which call DOS commands
are executed.  Application software is the rule rather than the exception.  Audit software
which omits application logging and file utilization controls is flawed in its attainment
of workplace security.

     Logs should be consistent and patterned by user session, date and time, showing
the command issued and the files involved.  Secure audit trails are stored in hidden
directories using separately identifiable encrypted formats.  Should a log be erased outside
the system, notice of unauthorized change must be provided to the administrator's log and
entered into the current user audit file.

     A User's Log --  Users of a professional integrated security system are required to
employ access control.  Further, access to special features in a truly integrated security
system requires access identification to assure that the person executing the application
is the person who is authorized the use of a mainframe link.  In larger systems such as
DEC's Kerberos for UNIX a separate Ticket Granting Server (TGS) controls access across
network file servers.  In small computer security the combination of ID, Password and
Access level performs this function effectively.
 
     The auditing procedure must log an individual user in a time-phased, step-by-step
manner.  Periodically, in accordance with good internal auditing practice, an analyst can
determine off-line and quietly if the user is following mandated procedure in his execution
of work place duties.  Commercial shared databases are easily misused if utilization
controls are not in place.  Human nature, such as it is, causes individuals to seek faster
and easier ways to do their jobs.  Employees not privy to the "big picture" might create a
weakness or vulnerability in a subsequent operation without ever knowing the problem they
caused.  Only careful auditing will save a firm from unneeded expenses.

     Computers have decentralized factory operations.  Networks have allowed
downsizing and data distribution to be taken for granted.  Technological enhancements
have made the task of the security administrator and internal auditor horrendous.  Audit
trails designed to assist security monitoring go a long way to protect corporate assets.
Senior management monitoring the effect of automation upon the bottom line would do well
to ask for, if not demand, audit summaries.  User Logs are an urgent requirement when
back-tracking to locate the cause of a problem or tracing the sequence of an atypical
occurrence.  User logs are stored in a hidden directory available only to the single
access-privileged administrator.

     Sobczak monitors problems by integrating the actions of the user with those of the
administrator against detected changes.  Integrated security allows the internal auditor to
isolate and copy changed files for off-line examination.  The authorized auditor and/or
administrator can erase damaged files and restore the system up to and including
replacing the Root and File Allocation Tables (FAT) as they existed prior to a problem.
Backup and recovery are, as well, mandated in factory operations.

     A Missed Attempt Log --  A record of attempts to enter the system without knowledge
of a valid ID or Password character sequence.  This audit tool is most important as it shows
a modem line or network node has encountered an attempted security breach.  Your
device was accessible to an attacker.  As an audit mechanism within an integrated
security package the missed attempt log serves a second purpose, one with more
immediacy.  Should the interloper attain more than sixty percent (60%) of a Password, that
Password's valid duration clock is set to zero and at the next valid log-on the Password
must be changed.  This feature is necessary to assure security.  Notice must be
provided to the administrator should a change by this default be required.
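The session-patterned logging described earlier (user, date and time, command, files) and the missed-attempt rule just described can be modelled together. This is an added example and not Sobczak's software: the AuditTrail class, the 90-day default password lifetime, the terminal names and the "SPINDLE-42" password are all constructed here; encrypted storage in a hidden directory is out of scope and the logs are kept in memory.

```python
import hmac
from datetime import datetime, timezone

# Assumed default validity period for a password; the text gives no number.
PASSWORD_LIFETIME_DAYS = 90
OVERLAP_LIMIT = 0.60  # the text's "more than sixty percent (60%) of a Password"

class AuditTrail:
    """User, administrator and missed-attempt logs patterned by session,
    date/time, command and files. Entries are plain in-memory strings."""

    def __init__(self, accounts, now):
        # accounts: user -> {"password": str, "valid_days": int}. The password
        # is held in clear only because the 60% rule compares it character by
        # character against a rejected attempt.
        self.accounts = accounts
        self.now = now  # injectable clock so the demo is reproducible
        self.user_log, self.admin_log, self.missed_log = [], [], []

    def _stamp(self):
        return self.now().strftime("%Y-%m-%d %H:%M:%S")

    def record(self, user, terminal, command, files=()):
        """One user-log line: who, from where, what command, which files."""
        self.user_log.append(
            f"{self._stamp()} {user}@{terminal} {command} files={','.join(files) or '-'}")

    @staticmethod
    def overlap(attempt, secret):
        """Share of the real password's characters the attempt had right, by position."""
        if not secret:
            return 0.0
        hits = sum(1 for a, s in zip(attempt, secret) if a == s)
        return hits / len(secret)

    def logon(self, user, terminal, attempt):
        """Returns OK, OK_CHANGE_PASSWORD or DENIED and writes the matching log lines."""
        acct = self.accounts.get(user)
        if acct and hmac.compare_digest(attempt.encode(), acct["password"].encode()):
            if acct["valid_days"] == 0:
                self.record(user, terminal, "LOGON (password change required)")
                return "OK_CHANGE_PASSWORD"
            self.record(user, terminal, "LOGON")
            return "OK"
        share = self.overlap(attempt, acct["password"]) if acct else 0.0
        self.missed_log.append(
            f"{self._stamp()} terminal={terminal} id={user} MISSED ATTEMPT overlap={share:.0%}")
        if acct and share > OVERLAP_LIMIT:
            # Near miss: zero the password's validity clock and tell the administrator.
            acct["valid_days"] = 0
            self.admin_log.append(
                f"{self._stamp()} NOTICE password for {user} expired by default "
                f"after a missed attempt from {terminal} ({share:.0%} overlap)")
        return "DENIED"

def demo():
    """Constructed scenario: a near-miss attempt on Bill's ID, then Bill's own logon."""
    clock = lambda: datetime(1999, 3, 5, 8, 0, tzinfo=timezone.utc)
    trail = AuditTrail({"bill": {"password": "SPINDLE-42",
                                 "valid_days": PASSWORD_LIFETIME_DAYS}}, clock)
    trail.record("bill", "T1", "EXECUTE cutting tool program 9102", ["A:\\9102.NC"])
    r1 = trail.logon("bill", "T7", "SPINDLE-4x")   # 9 of 10 characters right
    r2 = trail.logon("bill", "T1", "SPINDLE-42")   # correct, but must now change
    r3 = trail.logon("ghost", "T7", "letmein")     # no such ID
    return trail, (r1, r2, r3)
```

demo() returns the trail and the three logon results; the near miss from terminal T7 is denied, expires Bill's password and posts a notice to the administrator's log, so Bill's next correct logon is accepted only with a password change.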

     Security software is in contention with application software for memory.  Software
safeguarding manufacturing computers must minimize the RAM required to
warrant security.  A good security software package will allow maximum availability of
Random Access Memory (RAM) to revenue-producing business application software.  The
premise which causes a requirement for computer security in the factory is simple.
Security saves you from unnecessary expenses in day-to-day operations.  Security is a
necessity to assure profitability.

     In summary, computer security usually only gains importance after a problem has
damaged operations.  Most users addressing computer problems are neither hardware nor
software experts.  They are astute business people who require professional tools to assist
them in their comprehension and resolution of problems brought to their attention.  Audit
Trails are the least intrusive means for maintaining control.  Security software must be
designed to assist the manufacturing professional by offering a logical means for him to
comprehend the way in which the automated manufacturing process operates.

     I suggest that every manufacturing plant requires professional computer security
which identifies threats to operations from the point of view of a potential perpetrator.
Managers responsible for revenue contributions should compare those state-of-the-art
software packages available in the marketplace to determine which meet operational
auditing needs.  Choose the package best suited to your need.  Engage a knowledgeable
consultant to review your operations and suggest a means by which your operations might
become secure without reducing profit.  Use the consultant to train key individuals in the
installation and maintenance of the security software chosen.  The newly trained
individuals will become the in-house cadre testing the various options available to secure against
employee actions outside the scope of current policy.  We all know that if a hole exists, it
will be found and exploited by an employee who believes he has taken the path of least
resistance.  When management is satisfied with the test installations, it can authorize
the newly accepted security policy upon all computers.

SHORT BLURB ABOUT THOMAS V. SOBCZAK, CONSULTANTS

     Sobczak creates professional security for concerned corporations.  When corporate
executives think about the integration of Access Controls, Encryption, Change Detection,
Backup/Recovery, Menu Management and Audit Trails, they realize the need for security
systems by Sobczak.   Our goals are oriented to factory security and supported by
professionals oriented to the factory of the future.

For additional Information:

                  THOMAS V. SOBCZAK, CONSULTANTS
                          P.O. BOX 0433
                        BALDWIN, NY 11510
                          (516)623-6295
                  E-mail: tvsconsult@netzero.net