printer friendly version

Industrial security requires more than security

Industrial operations are prime targets for the criminally inclined, whether they are after physical goods or virtual information. Unfortunately, industry is inclined to focus on doing what they do rather than security, and do little beyond the minimum necessary. This approach is naturally changing quickly as companies realise how vulnerable they are, particularly as industrial concerns digitise.

While these companies often have highly qualified people on board in terms of engineering and factory operational skills, they do not have the knowledge to adequately protect their virtual and physical assets. Having an alarm system and a new access control solution is not going to cut it these days, especially if you want to protect your intellectual property from all and sundry.

Hi-Tech Security Solutions asked Walter Rautenbach from Suprema as well as Hendrik Combrinck from ZKTeco for their opinions on securing industrial operation in the modern age.

Hi-Tech Security Solutions: What are the general challenges manufacturers and industrial plants face in terms of security?

Walter Rautenbach – neaMetrics.

Rautenbach: If one limits these challenges to problems within the sphere of biometric access control and not to security in the sense of stock-losses and inventory control, then the greatest challenges faced are the harsh conditions presented in these environments.

When we say harsh conditions, we are referring to general environmental factors such as temperature and dirt, as well as the bad quality of biometrics, specifically fingerprints, due to hard labour, contact with chemicals and dirty prints in general. These challenges can be overcome by using newer optical technologies which are far less sensitive to these influencing factors, as well as devices that feature adaptive temperature control for abnormally hot/cold environments.

Hendrik Combrinck from ZKTeco.

Combrinck: Manufacturers and industrial plants, as is the case with many other industries, are under tremendous pressure to keep operational costs as low as possible against the backdrop of volatile currency markets as a result of the weak economy. This operational environment leaves no room for complacency as minimal losses and shrinkages on a continued basis can have devastating effects on the bottom line.

Hi-Tech Security Solutions: Are these organisations looking for solutions that meet their security needs, but also impact on operations? Or do they still follow a silo approach?

Rautenbach: Yes, there is definitely a move towards production automation, but companies are faced with challenges caused by the variations between production environments and the lack of a ‘one size fits all’ solution. If we look at inventory or production control, or even occupational health and safety, then we see more requests for systems that can effectively control this by using true identity. Implementing biometric measures for this purpose can effectively control the movement of raw materials during production, but can also deliver very useful data relating to production and individual performance that goes beyond security.

There is also a definite trend to controlling industrial equipment through biometrics. These measures can regulate who is qualified to operate which equipment and also ensure that related certifications are up to date. These mostly fall under the ‘safety and security’ umbrella, ensuring a safe working environment and preventing loss to employees and employers through the prevention of accidents and unauthorised utilisation of equipment.

Combrinck: Organisations are looking for solutions that will enhance their productivity and efficiency as well as mitigate as much security risk as possible. Risk management has become a full time aspect of most operations as operational risk both from within as well as outside the organisation must be managed at all times to ensure that investments are not lost to factors that can be managed (to as high a degree as possible).

Internal security and risk factors range from physical loss of goods and property due to negligence and theft, to productivity losses due to theft of time from employees, contractors and service providers alike. The latter represents a huge chunk of productivity losses as organisations still fail to adequately monitor, manage and control this aspect of their operations. If you don’t know it, you can’t manage it.

The security and T&A specialists have proven countless times how organisations lose productivity and money on absent and unproductive employees. It has also been proven many times how an investment in a proper T&A system, coupled with other components of electronic security like access control and CCTV can put back hundreds of thousands of Rands back into the coffers of the organisations in a very short period of time. One would shudder to think how much more is lost, or could have been saved, if such measures were put into place earlier.

More informed organisations are moving away from silo type installations where numerous systems that require a team of people to manage are implemented. The drive is more towards systems that offer individual specialist brilliance in their own capacity, but also offer collective intelligence sharing capabilities that makes it easy to integrate with other systems for a consolidated reporting functionality that offers instant and reliable reports to the client with as little effort as possible.

A good example should be a system that controls access into the organisation’s premises and IT resources using a biometric system that is also integrated to a T&A system, which by its nature is linked with the human resources system, thereby eliminating the need for duplicated tasks like capturing employee data for more than one system. This system should also accommodate workflow management where employees are required to clock in and out of each task they are performing so that resource allocation is properly managed (properly distributed and monitored).

Hi-Tech Security Solutions: What are the integration options when comparing industrial protocols and security? Is everything moving to IP?

Rautenbach: Standards such as scada and ONVIF have had no real impact on biometric access control platforms. The utilisation of IP for these access platforms is definitely on the rise, although RS-485 remains popular due to distances of 1200 m instead of Cat 6 at up to 100 m. When one looks at the standards related to RS-485, such as OSDP, then the enhancement and support for this Open Supervised Device Protocol is definitely on the rise, enabling open standard connectivity between devices and controllers utilising RS-485.

In the light of more connected devices moving towards the Internet of Things (IoT), one does see the need for physical long distance cabling being reduced on a day-to-day basis.

In short, although the utilisation of IP is definitely on the rise, the utilisation of lower level serial protocols for monitoring of industrial equipment is still here to stay for a while. We do however, see more IoT platforms being used to take in these low-level serial signals from PLCs and telemetry systems, repackaging the same and transferring them via the Internet to centralised control systems.

The incorporation of biometric activity into these systems has not been as fast moving as, for example, workforce management in guarding, but companies definitely understand the impact of the human element on production and we will therefore see more movement into this arena.

Combrinck: Everything is indeed moving to IP. There is no question about that. Management platforms that integrate a variety of solutions into consolidated dashboards are few and far between. Those that are available are either tailor-made to suit specific solutions and are mostly proprietary to such solution providers only. The cost associated with these is also high and unattainable by many industry customers. Dashboards of this nature can vastly benefit industry operations as they greatly simplify business process monitoring as well as provide a single point of data retrieval for the industrial client.

Hi-Tech Security Solutions: Is digitisation having an impact on local industry? Do we see IoT featuring in their decision making for the future? Is the industry incorporating efficiency improvements with security, or is security left out?

Rautenbach: Carrying on from the above, we are definitely seeing IoT playing a huge role going forward. If this will be as fast as predicted by Gartner is still to be seen, and in our view, security at present for IoT is definitely on the back burner in a trade-off for speed to market.

Combrinck: Digitisation is making an impact on the local industry, albeit at a very slow pace when compared to developed industries elsewhere. A cautious approach to the adoption and implementation of IoT technologies in decision making is being taken by technology front-runners in local industry to exploit the digitisation and automation opportunities that can be derived from technology.

Hi-Tech Security Solutions: How are industrial organisations dealing with the cyber world?

Combrinck: The sensitivity of this type of crime is such that organisations are continuously having to assess their risk profiles as well as their risk mitigation strategies, hence many organisations have established their own internal risk management units. These are speciality-trained teams of people that are entrusted with the highest-level assets that the company needs to protect at all costs. This is not something that the traditional security industry is ready for, at least not at the present moment.

Hi-Tech Security Solutions: Perhaps the question should be: Are security integrators up to speed when it comes to serving the modern needs of industrial clients?

Rautenbach: We feel that on the high-end side, with top-notch integrated systems, one can indeed rely on the solutions provided. The concern, however, is that on the medium to low-end side, stability and security is of great concern and is posing potential risks to clients utilising sub-standard integrations. It is ultimately the client’s responsibility to do risk assessments, looking at what data could possibly be exposed and the impact thereof, and then to ensure that they select an integrator qualified to protect them against these risks.

Combrinck: Security integrators are putting in a great deal of effort to serve the needs of industrial clients. It must be borne in mind that in as much as some of the solutions required may seem similar, the bulk of the needs are unique and in most cases require detailed customisation if they are to answer the exact needs of these clients.

The uniqueness is brought about by varying and specific operational needs that industrial clients have. It is often not easy to offer off-the-shelf solutions for these kinds of needs. There is now, more than ever, a profound need for a high-level system development capacity within the normal operations of security system integrators if they are to service this market at a cross-functional system level.

Share this article:

Further reading: