The present invention relates to security systems and methods for industrial automation systems.
Industrial automation systems are known for automating industrial processes. For example, industrial automation systems have been used for material handling, robotics, airport baggage handling, water and wastewater treatment, cement production, semiconductor fabrication, electric power, entertainment, food processing, mining, beverage and packaging operations, ski lift operations, forest products processing, life sciences, logistic processes, fibers and textiles processing, metal forming, automotive, petroleum and chemical processing, plastics processing, automated transportation, health care, agriculture, postal and shipping, and other manufacturing processes, to name but a few examples.
There exists an ongoing need to provide security for industrial automation systems. Security is desirable in order to limit access that may be obtained to the automation system, for example, for purposes of obtaining information from the system, for purposes of making changes to the system, and so on. For example, responsibility for operating/maintaining certain aspects of an industrial automation system may be given only to certain qualified individuals. It is typically desirable to prevent other individuals from gaining access to the system to make changes since those individuals may not be qualified to make such changes. Further, it is typically desirable to limit the ability of unauthorized individuals to gain access to the system even just for purposes of checking system settings or otherwise obtaining information about system operation. For example, if a particular manufacturing process is held as a trade secret, it may be desirable to closely guard read access to the automation system so that an unauthorized individual cannot obtain detailed information about the manufacturing process. Likewise, it may also be desirable to limit access to other types of manufacturing information, such as production quantities, defect rates, and so on. Further, it may be desirable to prevent ill-intentioned individuals, such as computer hackers or terrorists, from gaining access to the industrial automation system for purposes of causing damage to the automation system, to the items it processes or manufactures, or to related infrastructure.
At the site of an industrial automation system, it may be possible to gain access to the industrial automation system by using a user interface associated with one or more of the automation devices that forms the industrial automation system. For example, an individual may use a user interface associated with a motor drive to gain access to the motor drive. Alternatively, standard interfaces are sometimes provided that allow access to be gained by connecting a laptop or other computer to a communication network that connects portions of the industrial automation system.
Further, it is becoming more and more common to connect industrial automation devices to the Internet, and the same types of threats that are posed on-site can also be posed from remote locations via the Internet. For example, industrial automation devices such as motor drives, multiplexed input/output devices, automation controllers, and others have been provided with ports for an Ethernet connection. Such an Ethernet connection may be used to connect the device to the Internet, for example, directly or via a local area network. Connecting an industrial automation device directly to the Internet may be desirable, for example, to allow firmware to be downloaded to the industrial automation device from the manufacturer. Alternatively, an industrial automation device may be connected via an Ethernet connection to a local area network or other company-wide business/management information systems (e.g., a company-wide intranet) in order to provide management with real-time access to plant floor data. However, since such intranets are also commonly connected to the Internet, the industrial automation devices become indirectly connected to the Internet. Once an industrial automation device is connected to the Internet, either directly or indirectly, it becomes vulnerable to threats.
A need therefore exists for systems and methods which provide security for industrial automation devices. Although certain advantages are described herein, it should be understood that the disclosed systems/methods may also be used to achieve different and/or additional advantages, without necessarily achieving any of the advantages described herein.