Layers Protect Access to Controls

Jan. 2, 2008
Unfortunately Passwords Get Passed Around. Access in the Wrong Hands Often Leads to Machine Downtime, Costing Thousands
About the Author
In 2007, Loren Shaum was a contributing editor for Industrial Networking and Control Design, and principal at Comtec based in Syracuse, Ind., which provides research in the machine and general factory automation markets.Unwanted intrusion to machine controls long has been a major concern of Machine Builder Nation. Whether malicious in intent or not, the wrong people fiddling with the controls can cause traumatic events, least of which is loss of production.

Potential liabilities make it essential that machine control security is a major priority, even if it might increase the cost. There are various strategies deployed by control and safety equipment suppliers—some hardware-based, some software.

HA Controls (HAC), Livonia, Mich., provides PC-based HMI, SCADA and soft PID, PLC and motion control with its WinPC32 machine control software platform. “We always use at least three layers of software security protection on each control configuration,” says Jacob Pien, president. “When IT people are involved directly, an administrative layer is added.”

The key is the key
An electronic key system guards against password sharing and employee misidentification.
Photo by Euchner

HAC security codes allow only certain authorized personnel to migrate to specific software layers, but passwords often are distributed too easily, so HAC has specific sequential entry commands with a password that must take place before access is allowed to any security level. When a user attempts to log onto the system or switches to a window with a higher access level, he will be asked to enter a user name with the appropriately higher access and password.

Electronic Key System (EKS) is an access control solution from Euchner USA. “Often passwords are used to provide secure access to sensitive programming levels,” says Michael Ladd, president, Euchner USA. “Unfortunately passwords get passed around. Access in the wrong hands often leads to costly downtime.”

EKS has been used for the past three years at Cadence Innovation, a Tier 1 automotive component supplier in Troy, Mich., working toward elimination of costly plant security and resulting quality control problems. “EKS opened many doors to new applications in error proofing, traceability and accountability,” says Cadence manufacturing engineer Van Smith.

Every key insertion is recorded with time, date, key type, employee number, key number, total cycles and number of cycle completes. If the same key is inserted, removed and reinserted, then a new record is not generated. The same record continues to be updated with cycle data. A new record is generated at each day change when a key is present.

A severe quality control problem can be exposed in a secondary operation, for which operators are evaluated on meeting established production goals. Any sensor fault slows production. A tempting solution is to immediately reset the fault and pass a faulty part to the good-parts bin, or in some cases, bypass the sensor.

With Euchner’s system, operators now can reset minor faults, but need supervisor approval via a password-protected screen in the machine HMI to reset anything other than a minor fault.

Each key reader communicates directly with the controlling PLC, with HMI screen access now dependent on having the appropriately programmed access key. Operators, maintenance, supervisors and engineering personnel all have access keys with an appropriate access level programmed to the key, along with their employee number and other data. By having specific employee identification information programmed into each key, plant IT can implement efficiency, productivity and preventive maintenance tracking programs into its production management process.

Ladd believes that, while it might be easy for operators to lend out access keys, the realization that the key identifies an individual, just like a fingerprint, is a deterrent.