Physical security is essential for a modern production facility; users don’t want just anyone entering the building or accessing secure areas.
But what about production machinery? Machine authentication is often a missing link in the security plan for manufacturers.
Why machine authentication?
Most manufacturers have made significant investments in physical access control (PAC) for production facilities. Few shops currently hand out physical keys to employees or leave the building unlocked during production hours.
For all but the smallest shops, front-door access typically involves individual radio-frequency identification (RFID) badges that enable tracking of who is coming and going and at what times.
Use of physical keys, password login
But when it comes to production machinery, many manufacturers still rely on physical keys, password login on the human-machine interface (HMI), or a shared PIN to unlock machine access.
In some shops, machines may not be secured at all; it is simply assumed that anyone who has access to the factory floor has the knowledge, authority, and training to use the machines responsibly. However, this is not necessarily a good assumption, especially in a larger manufacturing plant where many people can access the production floor.
Valuable and sensitive equipment
CNC machines, robotic welders, process equipment, and other production machinery can cost anywhere from $5,000 to half a million or more, depending on their size and function.
They also pose significant safety risks for untrained users and may hold valuable and sensitive IP (such as customer design specs or batch recipes).
User authentication
Authenticating users at the machine level closes an important security loophole and makes plants safer and more productive. Machine authentication prevents untrained or unauthorised users from accessing production machinery.
The right authentication system also allows access levels to be tailored for different users based on training credentials, job roles, or even projects.
Machine authentication benefits
A strong machine authentication solution provides several benefits for manufacturers:
- Minimises unplanned downtime and expensive damage to machines caused by untrained operators.
- Enables tracking of production outcomes by machine operator for better quality control and troubleshooting.
- Protects company and client IP held on the machine by preventing unauthorised access to machine controls and memory.
- Enhances plant safety and compliance by limiting machine access to operators with the appropriate credentials.
- Reduces the risk of deliberate sabotage by unauthorised operators, including damage to machines and production facilities and data theft or corruption.
Mark Merino, the Director of the Digital Factory Group for Polaris Automation, explains, “Machine authentication allows us to identify which people are logged into different pieces of equipment and make sure they are trained appropriately for the machine and have the right clearances for the data they are trying to access.”
Choosing the right machine authentication solution
Access control for production machinery can be accomplished by various means, including password and PIN systems, physical keys or fobs, RFID badges, or smartphone-based mobile credentialing systems.
The best machine authentication system will:
- Be highly reliable and secure to protect the machine from unauthorised access.
- Enable identification of individual operators and tracking of who has used the machines, at what times, and for what projects.
- Allow access levels to be differentiated by user.
- Be easy to implement and administer.
- Discourage sharing or cloning of credentials.
RFID readers
In most manufacturing environments, the simplest solution for machine authentication is the RFID badge employees already carry for building entry. An RFID reader can be easily connected to or integrated with the HMI for the machine.
All users must do to authenticate themselves is swipe their badge over the reader to unlock machine controls.
RFID benefits
RFID provides multiple benefits for end users, IT, and managers:
- It leverages technology already widely used, so users do not have to carry a separate key or fob to access machine controls.
- It is more secure and easier to manage than a password system, as passwords are frequently forgotten, shared, or hacked.
- Unlike shared PINs, physical keys, or fobs, user authentication via an ID badge enables accurate identification of who is logging into the machine. Users are much less likely to share their picture ID badge (which is often also linked to HR functions such as time and attendance) than a machine password, PIN, or key.
- If an ID badge is lost or stolen, or an employee leaves the company, IT can easily disable the card's access.
- RFID credentials are very difficult to hack or clone. Transmission between the reader and card can be encrypted for added security.
- Unlike biometric options, RFID is highly reliable even in hot, dirty, or humid environments and does not require workers to remove gloves, safety goggles, or masks.
Getting started with machine authentication
Machine authentication starts with selecting the right RFID reader. A universal RFID reader supports easy implementation, integration with other building systems, and scaling.
A universal reader also provides flexibility for the future in case companies want to change transponder technologies or allow for user authentication using mobile credentials on a smartphone.
IIoT model
To ensure the security of production machinery, user authentication must be designed within the context of the wider security ecosystem of the plant. Modern production machines are increasingly networked and connected in an “Industrial Internet of Things” (IIoT) model.
That means machines are not only vulnerable themselves but are also endpoints in the broader IT landscape of the plant. Machine authentication systems must incorporate best practices for endpoint security, such as those outlined by ISO (International Organisation for Standardisation), NIST (National Institute of Standards and Technology), and other industry organisations.
Best practices:
- The reader installation should be tamper-proofed to prevent physical disruption of the authentication system.
- Use an encryption standard suitable for the security level of the application. Encryption prevents data interception or card cloning.
- If higher security is desired, RFID can be implemented as part of a multi-factor authentication system along with biometrics and/or a password or PIN.
- The authentication system should support different access levels for different users or classes of users. A role-based permission system allows for different levels of access for line operators, supervisors, IT, and maintenance, for example. For maximum safety and security, individual users should only have the minimum access required to do their jobs.
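A minimal sketch of the role-based, least-privilege check described in the best practices above, added here as an illustration and not taken from any vendor's product. The badge IDs, user names, roles, machine, HMI function names, and training-expiry dates are all constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import date

# Constructed sample data: every ID, name, role and date below is hypothetical.
@dataclass
class Badge:
    user: str
    role: str
    active: bool = True  # IT sets this to False when a badge is lost or the employee leaves
    training: dict = field(default_factory=dict)  # credential -> expiry date (assumed model)

@dataclass
class Machine:
    name: str
    required_training: str
    functions: dict  # HMI function -> set of roles allowed to use it

BADGES = {
    "04A1B2C3": Badge("alice", "operator", training={"cnc-basic": date(2030, 1, 1)}),
    "04D4E5F6": Badge("bob", "supervisor", training={"cnc-basic": date(2020, 1, 1)}),
    "04070809": Badge("carol", "maintenance", active=False,
                      training={"cnc-basic": date(2030, 1, 1)}),
}
CNC = Machine("cnc-01", "cnc-basic", {
    "run_job": {"operator", "supervisor"},
    "edit_program": {"supervisor"},
    "calibrate": {"maintenance"},
})
AUDIT_LOG = []  # one record per badge swipe, allowed or denied

def authorize(badge_id, machine, function, today):
    """Deny by default; return (allowed, reason) and log every attempt."""
    badge = BADGES.get(badge_id)
    if badge is None:
        result = (False, "unknown badge")
    elif not badge.active:
        result = (False, "badge disabled")
    elif badge.training.get(machine.required_training, date.min) < today:
        result = (False, "training missing or expired")
    elif badge.role not in machine.functions.get(function, set()):
        result = (False, "role not permitted")
    else:
        result = (True, "ok")
    user = badge.user if badge else None
    AUDIT_LOG.append((today.isoformat(), machine.name, function, badge_id, user, *result))
    return result
```

Denied swipes are logged alongside successful ones, so the same record supports both operator tracking and review of repeated failed attempts at a machine.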
With secure machine authentication, manufacturers can protect people, production equipment, and IP, while enabling smooth operations. It all starts with an authentication system that supports reliable and secure operator identification at the machine level.