Portaledge Part III - Security Event Tags
This is a challenge. In Part I we identified the security events we wanted to look at. In Part II we talked about the PI interfaces that can pass events from a wide variety of data sources to PI. In Part III we delve into the challenge of creating tags in PI for the various security events.
Now this might seem straightforward. Asset owners are creating new tags in PI all the time. The challenge is the consistent naming of these tags so they can be used in the ACE security event correlation modules we will be developing to detect what we are calling security ‘meta events’. If each implementation uses different tag names, then they will need to modify the ACE modules. This would likely affect adoption. Who has the time to do this, and what about the inevitable errors?
We could mandate rigid names, so that a security log event from a given data source or a point from a field device always gets a specific tag name, but that has a number of problems. An asset owner likely has multiple data sources of the same type, and each will need its own tag name. Also, asset owners are going to want to customize the tag name so it has context and is recognizable.
Our current plan is a middle-road solution that requires a string in the tag name, but not a specific tag name. This will allow us to use another feature in PI called the Module Database to automatically convert a specific implementation's tag names and related information to what is specified in the ACE detection module. For example, the Module Database normalization process can look for all tags with the string “firewall” as part of the tag name. It can then take these identified tags and store their data under the tag names used in the ACE module.
This is our first approach. We know it will work from a technical standpoint. The question is, is this the simplest effective way of doing this for the asset owners? Is there some other technique that will be less restrictive on the asset owner (less than requiring a string)? We will have a sample up in the next couple of months for your consideration.
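The normalization step described above, sketched as an added example in plain Python; it is not Portaledge code and does not use the PI Module Database or ACE APIs. The required strings, the canonical `SEC.*` names and the site tag names are all constructed, and matching on whole delimited tokens (rather than any substring) is an assumption made here so that a string like "ids" does not match "FLUIDS".

```python
import re
from collections import defaultdict

# Assumed required strings -> assumed canonical names a detection module would read.
REQUIRED = {"firewall": "SEC.FIREWALL", "ids": "SEC.IDS", "login": "SEC.LOGIN"}

def _tokens(tag):
    """Lower-case the tag, split on non-alphanumerics, strip trailing instance numbers."""
    parts = re.split(r"[^A-Za-z0-9]+", tag.lower())
    return {re.sub(r"\d+$", "", p) for p in parts if p}

def normalize(site_tags):
    """Map site-specific tag names onto canonical names.

    Returns (mapping, unmatched, ambiguous):
      mapping   - canonical name -> list of site tags (several sources of one type are kept)
      unmatched - tags carrying no required string (process data, not security events)
      ambiguous - tags carrying more than one required string; left for a person to resolve
    """
    mapping = defaultdict(list)
    unmatched, ambiguous = [], []
    for tag in site_tags:
        hits = sorted(REQUIRED[s] for s in REQUIRED.keys() & _tokens(tag))
        if len(hits) == 1:
            mapping[hits[0]].append(tag)
        elif hits:
            ambiguous.append((tag, hits))
        else:
            unmatched.append(tag)
    return dict(mapping), unmatched, ambiguous

# Constructed site tag names: two firewalls, one IDS, one login counter,
# one process tag that merely contains "ids", and one tag with two required strings.
SITE_TAGS = [
    "PlantA.DMZ_Firewall01.DenyCount",
    "PlantA.Corp-Firewall02.DenyCount",
    "PlantA.IDS.AlertCount",
    "HMI3_Login_Failures",
    "Unit2.FLUIDS_LEVEL",
    "PlantA.Firewall.Login.Failed",
]

if __name__ == "__main__":
    mapping, unmatched, ambiguous = normalize(SITE_TAGS)
    for canon, tags in sorted(mapping.items()):
        print(canon, "<-", tags)
    print("unmatched:", unmatched)
    print("ambiguous:", ambiguous)
```

Reporting ambiguous and unmatched tags, rather than silently guessing, gives the asset owner a list to review before the correlation modules read from the normalized names.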
Author: Dale Peterson
Posted: April 1st, 2008 under Portaledge.