Identifying the vulnerabilities at your plant

Get a better grip on protecting your plant, from securing ICS configurations to detecting explosives.

By Sheila Kennedy

Protecting industrial plants and their machines, networks, information systems, and personnel from threats is a management duty. New tools are designed to help companies comply with NERC’s Critical Infrastructure Protection (CIP) requirements, OSHA’s Process Safety Management (PSM) standards, the ISA/IEC-62443 standards, and other external and internal security measures. Following are products meant to help companies manage the vulnerabilities of their physical, cyber, and human assets.


Great attention is being paid to securing the integrity of industrial control system (ICS) configurations. “Cyber attacks are a means to an end. In the industrial sector, the end is to interrupt production, cause damage to equipment, and create unsafe conditions that can potentially lead to catastrophic accidents. ICS hackers achieve their goal by attacking the proprietary configuration of the process control and safety systems,” says PAS founder and CEO Eddie Habibi.

To address this concern, PAS developed its Integrity software to manage the proprietary configuration of control and safety systems. It automatically captures inventory and provides configuration management, change control, workflow procedures, and backup and recovery.

NextNine’s OT Security software enables operational technology security policy management, hardening processes automation, and compliance reporting for management and regulatory authorities. The solution is used worldwide in oil, gas, mining, and defense applications, among others.

The Waterfall FLIP and Unidirectional Security Gateway from Waterfall Security Solutions allow for secure, integrated communications between IT and OT control system networks. Waterfall FLIP uses replica servers to protect a company’s OT network from external attacks while letting the company share information between its business and operations networks.

Plant and personnel security

Identifying suspicious vehicle behavior is a frontline defense. With the AutoVu system from Genetec, cars driving at high speeds or entering through parking lot exits can immediately trigger alerts and alarms. The system provides data on a vehicle’s speed, direction, and make as well as the state, province, or country of origin of its license plate.

“AutoVu is an IP-based automatic license plate recognition system that can accurately read license plates and compare them to lists of known vehicles, track arrivals and departure times, and increase situational awareness,” explains AutoVu general manager Stephan Kaiser. The system is unified with Genetec’s Omnicast video surveillance system and can automatically record footage” from vehicles of interest, he adds.

Outdoor IP video surveillance can now be used in areas that were not previously feasible for it thanks to new technologies such as Power Over Ethernet (PoE). Belden’s PoE-based industrial Ethernet switches allow networked video cameras to receive power and data over the same cable, eliminating the need for traditional wiring for AC power.

The MINI Z handheld Z Backscatter screening system from American Science and Engineering (AS&E) is a portable, X-ray-based cargo and vehicle screening tool. Portable X-ray tools “provide fast, real-time detection of concealed explosives, drugs, and other organic contraband,” says Joe Reiss, vice president of product management at AS&E.

Federal tools and services

The U.S. Department of Homeland Security offers a number of tools to help protect the industrial sector from physical and cyber threats. Among them are the Enhanced Critical Infrastructure Protection (ECIP) security surveys, a Security Vulnerability Assessment (SVA), and a Cyber Security Evaluation Tool (CSET).

Read Sheila Kennedy's monthly column, Technology Toolbox.