Using Biometrics in Industrial Control Systems

Jan. 27, 2020
How biometrics can increase the physical security of industrial control systems.

The State of Industrial Cybersecurity Report 2018, from the Kaspersky Lab, found that 54% of respondents who had experienced a cyber-attack on their industrial control system (ICS) noticed damage to their products or services. Industrial control systems are critical to business success, so how can we protect them better? Here Emil Pricop, senior lecturer at the Automatic Control, Computers & Electronics Department of the Petroleum-Gas University of Ploiesti, Romania, and freelance scientist for Kolabtree, explains how biometrics can increase the physical security of industrial control systems.

Control systems are critical components that run the air conditioning in our homes, the safety of our cars, and even industrial facilities — whether it’s a petrochemical plant, oil refinery, power plant or water and sewage treatment plant. In the last decade, the control systems became one of the preferred targets for hackers. The attacks can be devastating for business in more ways than just financially — they can completely disrupt processes, risk human safety, cause environmental harm, result in the leak of confidential information and ultimately lead to the shut-down of an entire facility.

Biometric Security

Radiofrequency identification (RFID) is one way of providing physical security for an ICS. Authorized personnel are given a card that enables access to the correct parts of a facility. However, cards can be stolen and used by someone else, and to prevent this, businesses are turning to biometric techniques.

DNA analysis is an extremely accurate biometric technique, but it is certainly not a practical one as it is invasive and time-consuming. Voice recognition is less time consuming, but it still takes over three seconds to verify the user, which would be too slow if immediate action was needed. It can also be inaccurate — a person’s voice can change if they are ill, or a recording could be used to trick the system.

Fingerprint analysis is one of the oldest biometric methods and one that is affordable and well accepted. An alternative is palm vein template recognition, a non-invasive collection technique, where users can scan their palms for access.

Iris scanning is also growing in popularity — each person has a unique iris, which stays the same throughout their lifetime. However, iris scanning can be difficult. People’s eyes rarely stay still, and the shape of our eyes essentially forms a curved reflective surface that is partially obscured by our eyelids and eyelashes.

Facial recognition is likely to become the biometric method of choice for ICS security. It can be incorporated with existing surveillance systems and integrates well with artificial intelligence. To use it, businesses must have access to high levels of processing power, a large amount of storage space and good lighting conditions.

Two Steps to Safety

To improve accuracy, businesses can opt for a multi-factor biometric identification system, which uses more than one measurement. One problem with this is that in emergency situations when the user needs to issue a quick command, the system may be too slow.

Storing the data in advance, so that only one rapid measurement is needed at the time of access can speed up the process. Businesses must consider how they store this data so that it cannot be copied or stolen by a cyber-criminal — storing only part of the information is one way of addressing this. Researchers at the Seektron Company and Petroleum-Gas University of Ploiesti, Romania, have developed and patented a system that stores part of a user’s biometric data. It uses an RFID card that stores fingerprint templates and when the user requests access to a protected area, they scan their fingerprint to create a live template, which is compared with those stored securely on the card.

Biometric technology provides an effective, affordable and easy to implement a way of improving the physical security of an ICS. For these approaches to be successful, we need to increase acceptance among employees. As people get used to using commercial devices, such as smartphones, with fingerprint or facial recognition, biometrics in the industry is more likely to take off.

Need help securing your industrial control system? Kolabtree has over 9,000 registered scientists to help you with your project. For more information visit