FactoryTalk AssetCentre

From SCADApedia

FactoryTalk AssetCentre, formerly named RSMACC, is a central management solution for PAC management. AssetCentre provides change management, configuration backup, and recovery for controllers. It can also monitor PAC health, manage assets, and export and present historical controller data for third party applications and use.

AssetCentre integrates or interoperates with FactoryTalk Security for user and computer authentication and authentication and RSLinx Gateway for communication to the controllers.

Contents 1 Overview 2 Authentication and Authorization 3 Change Control 4 Backup 5 External Links

Overview

FactoryTalk AssetCentre is a Windows-based client / server application for the management of a network of Allen Bradley PAC's and other supported controllers. Rather than directly accessing the PAC's using an application like RSLogix, the users work on a client that connects to the AssetCentre server. All changes and commands flow through the AssetCentre to the field devices. This centralized server enforces authorization rights, change control, backup and other security and non-security related management and records all activity in logs and archived files.

AssetCentre leverages other Rockwell Software products.

• Authentication and authorization is provided by FactoryTalk Security
• Communication from AssetCentre to the PAC's is provided by RSLinx which is integrated into AssetCentre
• RSLogix is used in some configurations as part of the AssetCentre client

Previous versions of RSMACC required a Windows domain controller, but authentication via a Windows domain is now an option rather than a requirement with the integration with FactoryTalk Security.

There are four main modules in AssetCentre: Change Management, Network Health, Asset Manager and Enterprise Online. An organization may purchase and deploy one or more of these modules.

The number of possible architectures and feature selections possible in AssetCentre is quite large and this SCADApedia entry does not purport to cover even a small fraction of them. The focus in this entry is on the security features in the Change Management module of AssetCentre.

Authentication and Authorization

FactoryTalk AssetCentre relies on the authentication and authorization services in FactoryTalk Security for communication between the user and AssetCentre. This is an effective control for users that do not try to circumvent AssetCentre.

There is no authentication or authorization between AssetCentre and the PAC's. The authentication is strictly from the user to AssetCentre. Furthermore, many of the features in AssetCentre, such as configuration backup, require that the PAC's do not implement the CPU Lock password on the PAC's. If a disgruntled insider chose to connect directly to the PAC rather than go through AssetCentre all authentication and authorization could be bypassed.

A compensating control for this vulnerability is to deploy access control lists (ACL's) in routers or firewalls that are in front of the PAC's as shown in the figure below. The ACL's are small and simple since only the AssetCentre, control servers, and perhaps a small number of emergency administrator systems should be authorized to connect to the PAC's.

Change Control

The AssetCentre implements a full change control system. Authenticated users with the proper authorization rights in FactoryTalk Security will be allowed to checkout a PAC configuration file from archive. Only one user can check out a file at a time to prevent concurrent and conflicting changes. Multiple users can simultaneously obtain read only copies with the Get command. The user with the checked out file can make changes, check the revised file into AssetCentre, and, if authorized, download the changes to the PAC.

A complete change control record is available that details all changes made through AssetCentre, date and time of change, and user that made the change. This record is helpful for a forensic investigation after a cyber security incident as well as for problems that are not caused by malicious actions.

Archiving of previous versions makes recovery via rollback simple.

The Verification Compare action in AssetCentre identifies when the configuration in a PAC is different than the checked in configuration in AssetCentre. Changes made by attackers and users who are circumventing AssetCentre controls will be detected by scheduling a periodic Verification Compare action. Unauthorized changes can be viewed in the Verification Viewer or proactively emailed to an administrator or security officer.

Backup

The Archive Module in AssetCentre keeps a copy of all PAC files where changes have been made and applied through AssetCentre. Any archived version of a configuration file can be downloaded to one or more PAC's.

The Verification Compare action used as part of change control can also play a role in backup. When a difference between the master configuration in AssetCentre and the version in PAC memory is identified, the version in PAC memory can be archived in AssetCentre.

Alternately, all PAC files can be uploaded and archived on a scheduled basis.

External Links

FactoryTalk AssetCentre Home Page (Note still referred to as RSMACC)