Modernizing and layering your employee badges can be an effective way to help protect production processes, data and assets from physical and cybersecurity threats.
By Sheila Kennedy, Contributing Writer
Editor's Note: This article is adapted from the white paper, “Access Control Enters the Realm of Industrial Automation,” from Rockwell Automation Encompass™ Product Partner RF IDeas, Inc. Download the free, comprehensive white paper to learn about additional applications for using employee badges for security; types of badge readers and the advantages and disadvantages of each; and which methods and technologies to use based on your needs.
Physical and logical security in manufacturing plants and other industrial firms is a pressing and persistent concern. Controlling access to and within the site and protecting information and automation systems from breaches are essential. Physical or digital security lapses, whether accidental or malicious, can cause significant damage, particularly when they harm personnel, equipment or the environment, or affect quality.
Technology advancements and the emergence of the Industrial Internet of Things (IIoT) have introduced a host of new opportunities to control activities and equipment inside the four walls of the plant, but they also produce a bevy of new access points and more data.
Now, building automation systems are often driven by programmable automation controllers (PACs) and use a human-machine interface (HMI) for configuration, notifications and routine control. With these systems growing in number and increasingly interconnected, PAC and HMI access control becomes an imperative.
Modernizing and layering legacy access control methods, such as the ever-present employee badge, can be a sound and economical approach to protecting production processes, data and assets. Considering that nearly everyone entering a locked facility has to present a security badge of some sort to gain entry, why not apply this same concept — and smart technology — to security concerns inside the building?
Employee badges (ID cards) are a commonly used credential to gain access to a facility. With the IIoT, cloud and big data accelerating the convergence of IT and operations technology (OT) for The Connected Enterprise, more refined security and risk management opportunities are available.
“We believe the growing IT/OT convergence is having a significant effect in the manufacturing and processing industries,” says Craig Resnick, vice president of consulting at ARC Advisory Group. Although industrial firms are at all different levels of convergence, Resnick believes the direction towards greater convergence is clear.
“When the IT/OT convergence is done, many times a company will use IT's security access and practices and try to apply that to control systems access, whether that's passwords or multilevel passwords, all the way up to iris scans depending on the level of security desired,” he explains.
New badge-based reader solutions coupled with partner applications are standardizing and streamlining manufacturing access control processes. The same employee badge used to enter a building now can also be used to authenticate access to equipment, factory lines, secured rooms, documents and software, and to regulate activity on control systems, networks and equipment. Any movement within the facility and any activity throughout the day could potentially be tracked and managed with the right badge reader, apps and a badge.
Badge-based authentication is faster, and it eliminates errors associated with manual password entry. For example, in situations where a supervisor periodically helps an operator, a badge-based access solution would prevent the operator from re-using the supervisor's username and password, avoiding intentional misuse or errors. The ability to use existing employee ID badges or key security devices (FOBs) with readers provides a desirable and cost-effective solution.
A variety of badge (card) readers are available depending on the badge type used by an organization: magnetic stripe badges, barcode badges, proximity cards (125 kHz) or radio-frequency-enabled (RF) contactless smart cards (13.56 MHz). On the plant floor, contactless smart cards are used more frequently because of the amount of information they contain.
How Savings are Achieved
Cost savings from deploying an integrated smart card security solution for both data and physical access can be attributed to factors such as:
- Reduced time spent on sign-on procedures.
- Consolidation of employee access privileges onto a single, multifunctional smart card.
- Improved quality control with access permissions.
- Reduced numbers of password-related queries made to IT departments.
- Better management of certificates in a public key infrastructure (PKI), the set of roles, policies and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption.
- Greater automation of card provisioning.
Consider this example: After a large paint manufacturer installed a badge reader on its mixers so that only authorized, trained employees could unlock and operate the equipment, the number of bad batches fell from 12 per week to fewer than one per week, saving the company nearly $2.5 million annually.
The value of this technology is driving increasing investments. “The American [North and South America] market for electronic access control readers was worth about $237 million in 2015 and is projected to grow to $252 million in 2016,” says Blake Kozak, principal analyst for the Security & Building Technologies group at IHS Technology. “Smart card readers are projected to grow the fastest in 2016 at 8.8% in the American [North and South America] market.”
Varied and Growing Applications
Growing interconnectedness and the ability to standardize access control are revealing opportunities for risk management that weren't previously viable. Increasingly, access controls are becoming an important element of quality control policies.
As the following examples indicate, users can find security procedures and applications throughout the plant to manage access, manage access levels by user role, and track employee actions.
Information Technology. Computer logins are the first step to protecting information. However, people can forget passwords, which consumes employee and help desk time. Switching from passwords to badge-based authentication eliminates manual keystrokes and associated problems.
Operations. Putting a badge reader on PAC-based machine control software can prevent remote software updates and require the physical presence of the personnel authorized to make changes. Or, requiring badge authentication at a production line allows tracking of who is on the line and when, so that quality issues or other problems can be traced back to the individual, and retraining or other corrective actions can occur.
Maintenance. When hazardous equipment such as a large press is due for maintenance, requiring badge authentication before safety features can be disabled ensures that only properly credentialed employees perform the work.
Industrial Dispensing. Industrial dispensing machines with badge readers can control who accesses the machines, track which items are dispensed and account for the costs. Managers can monitor consumption trends so appropriate quantities are reordered at the right time to keep carrying costs low.
Compliance. In regulated industries such as food processing or nuclear power, access control and tracking applications can validate whether employees are authorized to perform their assigned duties, whether that is reading a file, running a program or operating a machine. They can also help capture regulatory records.
Extending access controls building-wide via employee badges offers virtually unlimited application opportunities for standardizing and automating access control methods. Manufacturers in particular can incorporate this approach in their security policies to address their increasingly interconnected and mutually dependent systems.
RF IDeas, Inc. is a participating Encompass Product Partner in the Rockwell Automation PartnerNetwork™. Access control for HMI and control systems throughout manufacturing facilities is enabled with its badge-based readers. pcProx® Plus readers for Rockwell Automation are compatible with FactoryTalk® ME, FactoryTalk SE, PanelView™ Plus 6 and above, and most Logix-based controllers.
The Journal From Rockwell Automation and Our PartnerNetwork™ is published by Putman Media, Inc.