atvise® and Security

Matrix2

22.07.2016

Ever since machinery in Iran was shut down by Stuxnet, security in industry has come into the focus of users and operators. With the movement of IT-related topics into industry in order to make plants and machinery more transparent and accessible, the subject of security has now taken on an even broader dimension. Since atvise is part of this global change and a pioneer in HMI/SCADA in pure web technology, with all its challenges, we would like to look at the topic objectively here from the perspective of visualisation.

Possible threats to plants and machinery can be of a simple nature, causing no or only minor damage. But depending on how mission-critical a plant or infrastructure project is, criminal motives must be taken into account and evaluated. Based on a comprehensive analysis, the potential hazards can be identified and the corresponding effort can be defined. This can be done on several levels.

On the HMI/SCADA level of a plant or machine, atvise scada provides security mechanisms such as HTTPS, protected calls, user permissions, login mechanisms such as DIGEST/NTLM, etc. These should be in place in order to limit, as far as possible, the risk of unauthorized use of atvise and thus of the plant. Not enabling them would be like leaving the key in the ignition of an unlocked vehicle: you just don't do that. Other mechanisms for securing an entire infrastructure can also be found on the operating system level. For this purpose we offer users and operators information in the atvise documentation and a "best practice" security document.

In addition, it is highly recommended to set up IT structures that absorb most infrastructure-related problems with the usual tools, such as a firewall and VPN access. If all of this is not sufficient for the operator, or maximum security is desired, other special applications can be used, such as "IRMA", an industrial computer system that identifies and blocks cyber-attacks in production networks.

In summary, with a system as simple to operate and as freely customizable as atvise, and with the practically unlimited range of applications this allows, security always requires the cooperation of the operator or machine designer and cannot be ensured by the manufacturer alone. Basically, once the existing security features are enabled, a variety of hazards can be excluded when the system is connected over the Internet.

We follow the topic of security very closely, especially the new legislation in Germany and the associated standard IEC 62443, section 4. Security is a firmly anchored point in the atvise roadmap, and more information on this will be distributed continuously.