Posted by: Harold Ennulat | January 18, 2010

Ethernet Security In Control Systems.

Here is what I posted to a Discussion item in the “Automation and Controls” group in LinkedIn today “Has Ethernet security suddenly become a programmer’s concern while designing projects?

My answer addresses physical security with a controllable link to the business system LAN.

I’ve been fortunate.  All the projects I’ve worked on we always separated the business LAN from the process and control LAN(s).  In fact with Ethernet becoming the new “deviceNet” or I/O network of choice there are multiple Ethernet networks in today’s control systems.  Current practice is to completely isolate the I/O Ethernet systems.  This has been done by adding additional Network cards in the PLC rack… one of which is dedicated to I/O with no other connections to the outside world, except via the backplane of the PLC to another network card.

I’d also be curious if there is a strong economic pressure on projects to try and forgo the use of multiple Ethernet communications cards in the PLC rack(s)? 

A second network card can be used for other types of communications that should also be completely isolated from the business system and bridged over at one point where a firewall and other security devices can be installed.

As for actually knowing what level of security then needs to be applied, I’d also be curious how this is handled typically.  For my projects, IT has taken over from there and I just do what they say if I want to connect back to the PLC from a remote location.  VPN is typical when it is allowed at all.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s


%d bloggers like this: