Applications used in industrial control systems are moving away from human-machine interface (HMI) systems. HMIs are the most visible surface within control systems, but many other applications exist beyond them, allowing for trend analysis, historian data management, or the creation and management of HMIs used by operators.
The article “The evolution of software in industrial control systems” discusses a number of points relating to the evolution of HMIs. HMIs were originally painted panels which represented the process, which allowed a user to observe process progression and interact with it with lights and buttons, as you can see in the image below. As computer systems evolved and grew, these HMIs evidently became applications.
First applications tried to represent the panels on computer screens, but were therefore overcomplicated, and confused and distracted the operator on many occasions. HMIs now have the fewest possible elements and do not use many colours, so that the operator can focus on which is really important.
In terms of security, HMI access were based on physical security, since access was needed to the room in which it was located. No security changes took place with the introduction of computers, although it was no longer necessary to keep the HMI in a room with limited access, and anyone could access it and modify the process. It must be noted that, if an attacker gained control of an HMI, they could alter the information shown as they pleased. In order to resolve the problems associated with unauthorised use of the HMI, authentication for HMI access was introduced.
HMI authentication was originally very simple, and used a single profile and password. It was later deemed necessary to create profiles with different functionalities, which could mean using different screens for each profile. Nowadays, modern HMIs allow authentication to be assigned to an active directory.
Trend applications arose in response to the need to manage future processes according to a past state. Trend graphs show the state of a determined variable, such as existences, production, etc. The information shown is based on the control system’s historian database.
These graphs were originally used only in plants, to prevent possible errors, but they were later discovered to be useful in corporate environments, since the data could be used to predict sales, and production could be adjusted accordingly. If information was modified by an attacker, this would entail significant losses for the company. These losses could originate in a number of different areas: the production of unnecessary products, losses in sales not made due to a product shortage, the purchase of unnecessary material, etc.
Nowadays, these applications can be integrated into standard office software such as Excel, allowing work to go ahead without depending on proprietary applications.
Security for these applications has taken the same path as HMI security in terms of authentication. In terms of information access, the manner in which data is directly accessed in the historian in a corporate environment has changed, and it is now accessed through a replicated historian in a DMZ network.
Design and configuration applications
Both HMIs and field devices are configured from the engineering station. HMIs were originally created and modified by the operators themselves. However, software has now become more complex, and therefore specialist workers are needed to perform these tasks. SCADA application packages currently provide this service, using different applications governed by access control.
This change improved security, since HMI was modified by a single person, which meant that they could keep a proper register of the changes made.
Device management, also carried out from the engineering station, has undergone significant changes since its initial inception, and now has much better security. Older devices only supported local configurations, and did not have any kind of access protection, either physical or in terms of software. It was therefore not possible to know the time at which the programming was modified, and the identity of the one responsible.
Nowadays, modern devices are generally managed through some kind of Web service, and a username and password are needed for access. The most developed devices also allow authentication to be assigned to an active directory, as well as allowing for the use of access control and authentication protocols such as RADIUS and TACACS+.
If an attacker gained access to configuration applications, they would be able to modify the programming of any device, meaning they could make changes to the processes and, therefore, to the complete production at the factory. If they gained access to HMI generation tool, the operator would not be aware of what was actually occurring in the process if it was modified.
SCADA application packages essentially consist of all the software needed for an industrial control system to work, grouped together.
The first applications used in these control systems each worked for just one system, and later became the property and responsibility of the manufacturers.
Over the years, there have been several well-known and widely used SCADA packages across the globe, but with the rise and evolution of devices, as discussed in Device Evolution in Industrial Control Systems, new application packages have been developed, some of which can be used for free.
The evolution of the Internet and communications, coupled with the global needs for information, have given rise to the evolution of software towards mobile devices, with the creation of applications for smart phones and tablets.
-New conception of industrial control system applications-
Security in different SCADA application packages has also evolved, although not at the desired pace. Developers have made it possible to integrate authentication systems, and have improved code quality (for example, deleting embedded passwords). However, there are still a number of vulnerabilities, especially if appropriate methodologies are not used to develop software security. These vulnerabilities could give rise to attacks; in the majority of cases this simply results in denial of service attacks, but sometimes this can lead to information leaks (including credentials).
Evolution and future of applications
The evolution of applications is heading towards the cloud, as noted in the article "My SCADA in the cloud", and towards different models for delivering cloud services (Saas, Iaas or Paas). Using this model allows industries of all sizes to access software, since package prices are better adjusted and the quantity of resources required is lower. Now, the client pays to use the software, and both the application code and the data are stored remotely.
The future of applications in control systems is linked to that of corporate systems, accessing applications in the cloud through terminals which will require few resources and will be specially designed for surfing the Web.
In light of all the improvements that applications have undergone in industrial control systems, it must be noted that these changes have given rise to new risks associated with technology, or applied configuration.
- Using new technologies, in this case cloud computing, to centralise control and maintain industrial systems means that, beyond a certain point of access, it is possible to control all system processes.
- It is vital to use profiles in HMIs when configuring and developing applications, while managing roles and passwords effectively. The aim is to avoid the rise of privileges or mistakes when managing and/or storing credentials.
- It is important to bear in mind that the growing use of mobile applications entails greater vulnerability, since the mobile devices themselves (tablets, PDAs, mobiles, etc.) can inherit vulnerabilities to their operating systems, such as Android, Blackberry OS and iOS.