Controlling risks in industrial and manufacturing plants

September 2013 Industrial (Industry)

The economic recession not only brought hardship to many people, it also brought an increase in crime. Industrial and manufacturing markets are no less at risk than the man in the street and commercial clients. Common risks include the protection of human life, assets and properties.

Aligned with the obvious security issues are those of conforming to occupational health and safety (OHS) codes and requirements. In addition, process plants are looking for new ways to reduce costs incurred by downtime and reduced productivity. So how can security technology help? Hi-Tech Security Solutions asked three market players whether one size fits all and whether there is integration between diverse systems within plants.

Marius Maré, CEO of Security Solutions at Jasco, said that industrial companies are using security to monitor their assets and productivity of their employees via technology such as remote monitoring, access control and time and attendance. “In areas where assets are being moved, for example in warehouses, CCTV together with asset tracking devices are being used to monitor the assets. Access to certain areas is controlled via access control measures (biometrics) and CCTV.”

Neil Cameron, area general manager: building at Johnson Controls, pointed out that security for industrial facilities is different to that for commercial buildings. “Often the assets that are being protected are of a very high value whereas often with commercial businesses the protection is more pertinent for human assets. In addition, industrial properties are often widespread and there are often a number of unknown visitors on site in the form of contractors and logistics/transportation companies.

“The risk generally varies throughout the building, with areas where high-value raw materials are being handled posing the highest risk. Therefore, the level of security in various areas will fluctuate depending on the risk profile. Companies might also rely on surveillance equipment to provide them with feedback on safe work practice from an OHS perspective,” Cameron added.

“Typically, systems would need to be more than just a keyless opening and closing mechanism. Due to the fact that there are more rules in place on an industrial site, one needs to employ more sophistication in the customisation of the site for optimal security.”

Kelly McLintock, group managing director at the UTM Group, said that the three core areas in industrial security are asset protection, operational surveillance and protection and occupational health and safety (OHS) risk and prevention.

Maré believes that the available budget determines which security measures are important to the industrial companies. “From an access control perspective companies typically consider which employees are on site; what time they clocked in; whether they are in the correct department; whether there are any visitors on site; who is accommodating the visitor and what area they will be visiting.

“From a CCTV point of view they would consider: implementation of video analytics, number plate recognition, perimeter protection, tracking of valuable goods, loitering, objects moved and objects left unattended,” he continued.

Open platform integration

“The ideal situation is one where all systems within a plant are integrated on an open platform. With IP-based technology, you would be able to integrate the process and access elements with the security system, whereby rules are programmed that trigger an alarm if an event occurs. An example would be using an anti-passback system. If a violation occurs on a door, the system will then activate a camera to record or take a snapshot. This in turn can trigger the alarm and then the alarm, with an image, can be mailed to multiple recipients for action,” said Maré.

“We are seeing a trend whereby strategic doors are linked to cameras for visual verification of the person who is entering a specific area in the plant. Eventually we anticipate that biometrics will be implemented to ensure that only people listed on the database for a specific item of equipment or machinery will be allowed to utilise it. This will eliminate unskilled people or vandals tampering with equipment,” said McLintock.

“We find that the older systems are standalone in operation. As technology advances, it becomes cheaper to integrate the access systems with surveillance, for example. Intrusion detection and energy management are commonly being integrated and OHS systems such as alcohol detection are integrated with access control and even surveillance systems. Some companies are attaching a risk factor to each employee which is based on when they last undertook a lie detector test, what their salary level is and previous infringements on their employment record, for example. This will then provide access to specific predetermined areas,” said Cameron.

In terms of the protection of vulnerable operations such as scada, Maré said that this usually forms part of the BMS system and the security system can be integrated depending on the different protocols (Bacnet-TCP, Bacnet-Ethernet, Modbus, Lon, C-Buss). “You would use the normal security system to monitor the control of the scada, for instance who went into the HVAC plant, what time they entered and left, and to control the access rights to certain areas of the scada system.”

“I do not believe that the communication with the scada system could be considered true integration. Rather, there is a sharing of information whereby the security system is able to monitor process events and send alerts based on predefined parameters,” said Cameron.

“If you do consider integrating systems it is important to ensure that the protocols are compatible, that the database can integrate seamlessly and, if you are making use of an IP system, make sure that you have sufficient bandwidth available,” said Maré.

Both Cameron and McLintock added that an open architecture platform is required to allow multiple protocols to share information. “Future proofing is critical. It’s unwise to think only of the immediate future; companies need to consider long-term planning in terms of their integration needs. Unfortunately, because of the costs involved, smaller companies tend to be unable to do this,” said McLintock.


In terms of the department responsible for the integration, this varies from one company to another, with collaboration often being the norm. “Normally the system design would come from the system engineer who would take responsibility for the project and the engineer would take responsibility for the integration between the various systems. If the scada system is set up correctly by the engineers, it should not require too much interference. Advanced security personnel would be used to monitor the system and engineers to make changes or changes values,” said Maré.

Integration is driven largely by budget and the lack of necessary skills. “With the correct, integrated software package it could easily be used to measure productivity of an employee and to calculate the required service intervals of a machine being used, by measuring the hours that the machine runs,” added Maré.

“If information could be shared across a layered BMS platform of access control, surveillance, process control, energy management, as well as fire and evacuation systems, there would be increased efficiencies in the plant. If security were, for instance, aware of what assets are currently on the floor, they could increase the risk profile and implement additional security measures such as closing down access to the high risk areas,” said Cameron.

So what happens to the goods once they leave the building? “Numerous companies use CCTV in conjunction with weighbridge information to capture the relevant information to make sure that the correct volume of goods is delivered to the end-user,” said Maré. McLintock said that it is extremely difficult to provide an end to end security solution and in most instances the risk is passed to the logistics company once it is loaded into the relevant transportation mode.

Contact information

Neil Cameron,,

Marius Maré,,

Kelly McLintock,,

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

210 million industrial endpoints secured by 2028
News & Events Information Security Industrial (Industry)
A new study by Juniper Research has found that there will be growth of 107% over the next five years in the number of industrial endpoints featuring cybersecurity protection.

Growing cyber threats to SA’s critical infrastructure
News & Events Information Security Industrial (Industry)
The increasing reliance on digital infrastructure makes critical sectors like utilities more susceptible to cyber threats. This concern has been highlighted by Kaspersky's recent discovery of a new SystemBC variant that has targeted a South African nation's critical infrastructure.

Smart manufacturing redefined
Hikvision South Africa Surveillance Industrial (Industry)
AI and intuitive visualisation technology allows managers to monitor manufacturing sites, production, and operational processes, and to respond in real time in the event of an issue – helping to drive efficiency and productivity.

CHI selects NEC XON as trusted cybersecurity partner
News & Events Information Security Industrial (Industry)
CHI Limited, Nigeria's leading market player in fruit juices and dairy products, has engaged in a strategic cybersecurity partnership with NEC XON, a pan-African ICT systems integrator.

Edge technology can transform manufacturing in South Africa
Axis Communications SA Surveillance Integrated Solutions Industrial (Industry)
Aligning South African manufacturing more closely with this global shift to edge technologies could take manufacturing in the country to a new level, says Axis Communications’ Rudie Opperman.

Edge AI and managing risk in the cloud
Industrial (Industry) Infrastructure
As organisations see greater volumes of data generated from their operations. It is understandable and imperative that this data is leveraged to generate more value and increase insight that help operations and asset integrity managers ‘do more, better’.

Supporting local manufacturing
Industrial (Industry) Infrastructure
Smart Security asked Esenthren Govender, Solutions Executive at Technodyn for insight into how the company supports local manufacturing organisations to optimise their business.

New algorithm for OT cybersecurity risk management
Industrial (Industry) Information Security News & Events Commercial (Industry)
OTORIO’s new risk management model and attack graph analysis algorithm technology, calculates OT cybersecurity threats and provides risk mitigation actions, prioritised according to actual exposure and potential impact on operations.

The role of AI in industrial plants
Industrial (Industry)
The average modern industrial plant uses less than 27% of the data it generates, but industrial AI can play a major role in identifying patterns and making process predictions through new software platforms that simplify convergence and analysis of OT/IT/ET data.

Addressing the SCADA in the room
Industrial (Industry) Information Security IoT & Automation
Few other sectors command the breadth of purpose-built and custom devices necessary to function, as the industrial and manufacturing industries. These unique devices create an uncommon risk that must be assessed and understood to fully protect against incoming attacks.