What’s the best way to ensure product quality and production uptime in industrial automation? Make sure that only trained and authorized people can access the programmable controllers.
Reduce Automation Controller Risks and Liabilities with Secure RFID Authentication
Sean Houchin, Product Manager | ELATEC
A typical manufacturing plant has various machinery, robots, and flexible manufacturing systems that fabricate and assemble various products. These machines are often driven by programmable automation controllers (PLCs, Industrial PCs, robots) and use a human-machine interface (HMI) for configuration, notifications and routine control. The automation controllers have software programs that perform specific tasks in a logical order to drive the machine or process. With automated systems growing in number and increasingly interconnected, programmable automation controllers and HMI software access control are crucial.
Automation controllers are usually connected through plant-wide Ethernet networks to IT servers that include databases for collecting and storing information to manage employee identity and authorization to run and support plant manufacturing processes. Identified plant personnel authorized to change or update automation controller and HMI software is stored on IT servers. Authorization data determine if the employee has the proper skill set and is currently trained and certified to access the manufacturing system hardware and software. Equally important is if an employee is authorized to enter a hazardous area to perform maintenance or other activities.
Plant IT servers typically store copies of the machine automation controller (PLCs and PCs, robots) and HMI software for backup, change control, and disaster recovery purposes. To prevent unauthorized software updates, a user authentication system should be installed on or near the operator station, requiring the physical presence of the person authorized to update or make changes to the software. This added authentication and authorization requirement further protects the manufacturing system, engineers, machine operators and maintenance personnel.
Access to Automation Controller Software and Change Control Is a Challenging Problem for the Plant Control Engineer
Working with the IT department, plant control engineers are usually responsible for authorization to access plant automation controller and HMI software. Authorized personnel typically include plant engineers, maintenance electricians and IT personnel who can access software running specific processes. The level of access varies according to the individual’s function in the plant. Engineers usually have full access to upload, download and change controller and HMI software. IT personnel usually have only upload or download authorization for backup and disaster recovery purposes. Plant maintenance electricians typically have limited access to change software and only for process troubleshooting. The specific authorization may vary from plant to plant, but identification of who accessed the software, who made changes and at what time is logged in a database to track changes for review when necessary.
There are many reasons control engineers design systems that log and track software changes to automation controllers and HMIs. One primary reason is that the impact of unauthorized changes is often severe and may include one or more of the following effects:
-
Loss of production
-
Undesirable changes to product quality
-
Lengthy process startup time or downtime
-
Engineers, operators, and maintenance personnel on different shifts unaware of changes, who made them, or when
-
Software changes not backed up to IT servers
-
Creation of unsafe operating conditions
RFID Solution for Implementing Access Control to Industrial Automation Controller and HMI Software
Authentication and authorization systems for software access control in industrial automation applications in factories today require that they be easy to use, flexible, durable, secure, and stand up well to environmental elements. RFID card systems address these application requirements better than magnetic stripe cards, smart (chip) cards and PIN pads. RFID cards are the most widely used form of authentication and access control today.
The diagram below shows industrial automation software's authentication and access control solution using an RFID reader combined with a network interface module.
Benefits of RFID Card Systems
One of the essential benefits of RFID authentication and access control is that it is easy and convenient for users. RFID cards are touchless, and the user only has to wave the card within a few inches of the reader to be read.
RFID readers are used throughout the organizational ecosystem for multipurpose authentication using existing employee building-entry ID cards. Functionality such as time-based access control, access to manufacturing processes, access to automation controller and HMI software and hazardous areas can be added. RFID readers can often read and write to more than one card type. Should plant requirements change, cards can be updated without issuing a new card.
With network access, readers can communicate using various communication protocols, including gigabit Ethernet, with information technology systems and industrial automation applications like industrial programmable controllers, HMIs, and robots.
Since they are touchless, both cards and the readers experience less wear and tear than in systems requiring the card to contact the reader, such as magnetic stripe cards and smart (chip) card systems. Over time, this can minimize the replacement cost of both cards and readers.
RFID card systems are more secure than other card-based identification technologies. Data transfer between cards and readers and message traffic between card readers and plant networks can be encrypted.
RFID readers and cards can also execute a kill command if the card is lost or stolen. Since the kill command deactivates the card, it prevents unauthorized access to sensitive data, hardware and software that controls industrial manufacturing processes and hazardous areas in the plant.
Importantly, given industrial settings, RFID cards and readers are more durable in harsh plant floor environments against dust, heat, dirt and general wear and tear than other authentication and access control technologies.
RFID is a secure, flexible, reliable, and easy-to-use solution for authentication and access control of hardware and software in industrial automation processes and holds up well in harsh plant floor environments. Multiple RFID reader technologies are on the market, but they are not all created equal. Choosing a comprehensive authentication and access control platform that offers a wide range of options can help your organization implement a solution to control access to industrial automation software that will continue to meet your needs now and as they change over time.
To learn more about choosing an RFID reader, download our whitepaper RFID User Authentication and Access Control in Industrial Automation.
About Sean Houchin
Sean Houchin is the product manager for ELATEC Inc in Palm City, Florida, and part of the global ELATEC GmbH product management team. He has more than 20 years of experience in product development, management and applications engineering. Sean is an expert in RFID technology, optoelectronic and fiber optic video, audio, and data transmission equipment for military and commercial applications and is a veteran of the United States Navy.
The content & opinions in this article are the author’s and do not necessarily represent the views of ManufacturingTomorrow
Comments (0)
This post does not have any comments. Be the first to leave a comment below.