Five Ways HMI Software Can Help Secure Your Operations
July 20, 2020
Michael Szentkiralyi, Product Manager, Rockwell Automation
Today’s HMIs provide access to not only production systems, but also an increasing amount of sensitive production information. This is why it’s absolutely critical that they be secured.
A bad actor who accesses an HMI either remotely or in person could make changes to a production system that could compromise product quality or even create unsafe conditions for workers. They could also access HMI components like displays, recipes and trending information that contain intellectual property.
Of course, security threats aren’t always malicious. Well-intentioned workers can also make changes to production systems that can lead to wasted product and downtime.
To reduce the risk of these incidents happening in your production facilities, consider using modern HMI software that can help protect your people, processes and intellectual property in several ways.
Five key HMI security features
Modern HMI software offers a wide range of security features that, if used, can help strengthen your security. Key features include:
Access control: User authentication and authorization services in your HMI software can help make sure only the right people can perform the right actions at the right terminals. You can even ensure that specific production assets can be accessed only from specific terminals, based on factors like an operator’s line of sight to machinery.
Mobile security: Mobile HMIs – laptop PCs, tablets or smart phones – are increasingly being used to untether workers from fixed terminals. And mobile HMI software can deliver the same role-based access control to mobile devices as what’s possible with stationary terminals. The software allows you to restrict specific displays and interactions for certain users, for example restricting remote workers who don’t have physical access to machinery to view-only HMI access.
Electronic signatures and change confirmation: Built-in change confirmation with electronic signatures can give you greater confidence that only authorized individuals are accessing your production systems and performing certain operations or making changes. You can even require a second electronic signature from an employee in a designated “approver” user group. And if something goes wrong in production, you can review the changes made and electronic signatures logged in your system to help identify the cause of the incident.
Electronic signatures can also help you comply with standards like FDA 21 CFR Part 11 in regulated industries.
Centralized management: Modern HMI software that integrates with your existing IT systems, like Windows Active Directory, can help you more easily and securely manage users and groups in your organization.
For example, employees can use the same user credentials that they use to check their email to log into the HMI software. This can help reduce security risks like shared log-in credentials that can end up being shared on a note taped to a computer for anyone to see. Also, if an employee leaves, their log-in credentials only need to be deleted in one place.
Back-up and recovery: When you integrate modern HMI software with asset-management software, you can automatically back-up your HMI configurations. This allows you to retrieve the latest version configurations so you can quickly recover in the event of a security incident.
Integration with asset-management software also allows you to create an audit trail of operator actions. So, if an alarm goes off or a downtime incident occurs, you can review what the operators were doing to understand what happened. With proper trending and troubleshooting tools, you can even review operator actions and alarm conditions overlaid with process data for a complete look at the situation.
Find a vendor that has your security in mind
When choosing HMI software for your operations, make sure the vendor makes security a priority – not only in a product’s features, but also holistically across the product’s lifecycle.
For example, do they think about and implement security in every new feature or function they develop? Do they perform in-house testing to look for vulnerabilities in their software and work with outside security experts to do similar, third-party testing? And if a potential vulnerability is found in their products, are they transparent with customers about it?
