Worlds in Collision-Ethernet and the Factory Floor

Over the past few years the world of industrial controls has borrowed substantially from the world of information systems. Technologies such as Ethernet and TCP/IP have made the interfacing of industrial equipment much easier, but there is now significantly less isolation from the outside world. Network security problems from the business network can be passed on to the process network, putting industrial production and human safety at risk. This paper evaluates these risks to industrial control systems from both accidental and malicious intrusion. The first portion summarizes an analysis of reported incidents in industrial environments and their effects on process systems. The second part describes a series of tests developed and conducted at the BCIT Internet Engineering Lab to determine possible security weaknesses in common programmable logic controllers. Based on these results, recommendations are presented on designing network security for critical industrial control installations.