Want it Secure? Certify

Wednesday, November 10, 2010 @ 04:11 PM gHale

By Gregory Hale
There is not one end user in the industry that does not want to make sure he or she has a secure system, device, or procedure. It is a constant dance making sure everything is secure and keeping the bad guys out, while also running at full tilt to generate as much product as possible.
End users need their suppliers to knock out any kinks in the process before it hits their system.
But the challenging part is how to tell the device is secure or just something the supplier will tap dance around thinking it will be able to hold off the barrage of cyber attacks that can hit a device, or system, each day.
Yes, some day there will be a bevy of standards out there, but depending on which part of the world you are sitting in, that may not be a while. End users need to insist now their systems have a cyber secure certification.
There is at least one organization now certifying devices to ensure they are cyber protected.
Achilles certifications went over the 25-device level this past week and for this industry that is a milestone. Wouldn’t you want to make sure devices you latch onto your system are protecting you?
Peter Mainz thinks so.
The president and chief executive of Raleigh, NC-based Sensus, a solutions provider in the utilities industry, wants to make sure his users, the power companies, know his product, the Sensus FlexNet 2.2 Advanced Metering Infrastructure (AMI) communications system achieved the smart grid industry’s first Achilles security certification.
“Our utility customers recognize that independently verified and repeatable assurances of security are critical for defining a reliable standard of security for the entire Smart Grid industry,” Mainz said. Security is a relatively new concept in the industry, so security certifications and standards remain fragmented in the utility sector – much more so than in manufacturing automation where the bulk of those 25 certifications landed over the past three years.
The funny thing is, this is not a rubber stamp thing here. Tyler Williams, president and co-founder of Wurldtech Security Technologies, the creators of Achilles certification program, said. Of all the companies that submitted their devices for certification, “just one passed on the first go around.” That means the testing is rigorous and companies have to work hard for certification.
The catch is, however, users have to become better educated on security, and they have to be knowledgeable enough to demand their suppliers build in security.
“We need the help of the vendor community and the user community to demand better security in their products,” said Frank Staples, the National Security Agency’s chief of the control systems unit during the Safety Automation Forum last week at Rockwell’s Automation Fair.
“Every customer has something to lose; every customer has something to protect,” said Doug Wylie, Rockwell business development manager, Networks & Security Networks Business Group during Automation Fair last week. “Everybody has the responsibility to educate others on security.”
In this manufacturing environment where boosting productivity remains a top priority, users need to push the envelope, and keeping systems chugging full steam ahead. Downtime means lost revenue and potentially lost jobs.
These folks just do not have the time to test and then retest new products coming on line. They need to understand and trust their devices are safe and secure and ready to go right from the beginning. If not, that ends up being lost time not focused on the main priority producing product.
In the end, it all comes down to the end user making sure their supplier understands how important certification is to keep a system as productive as possible.
“There has to be a lot of communication between end users and vendors,” said Peter Kwaspen, Strategy & Development Manager, EMEA Control & Automation Systems at Shell Projects & Technology. “It is all about dancing; you need a good partner. If you do not have a good partner and you step on each other’s toes, it will hurt after a while. Good dancers communicate and anticipate each other’s moves.”
Talk to me: ghale@isssource.com.