
Is Your Network Safe?

It's always daylight in someone's time zone
Ann R. Thryft   11/13/2012 12:29:05 PM
Thanks, Rob, a clear summary of the tensions between IT and the factory floor on this subject. Not only do connectivity and these conflicts affect a local network because of 24/7 use, they also affect everyone around the world in different time zones. Many times I'm accessing a website to make a purchase or to find out financial account data, and because it's on a Sunday or after 5 PM in someone else's time zone, I get an error message saying they're doing a security update or other maintenance.

Re: It's always daylight in someone's time zone
Rob Spiegel   11/13/2012 10:34:37 PM
Thanks, Ann. More and more companies are gaining a handle on the tension between IT and control managers. The going solution is to create a team that includes both control and IT folks.

Re: It's always daylight in someone's time zone
Ann R. Thryft   11/14/2012 12:38:56 PM
Rob--a team with both control and IT people? Who talk to each other? What a novel idea! Kidding aside (I think), it's sure taken a long time to bring that about. Glad to hear it.

Re: It's always daylight in someone's time zone
Rob Spiegel   11/15/2012 11:01:06 AM
Yes, Ann, in successful deployments now, many companies are creating these IT/control teams. Some of this comes through vendor encouragement. Apparently, these teams have been successful at reconciling the needs for 24/7 plant uptime and IT concerns over security.

Re: It's always daylight in someone's time zone
Ann R. Thryft   11/15/2012 4:46:18 PM
Rob, that cooperation is a long time coming, don't you think?

Re: It's always daylight in someone's time zone
Rob Spiegel   11/15/2012 8:40:08 PM
It seems to make sense, Ann. Yet I think the struggle between control engineers and IT folks is fairly recent. For decades, the plant floor was run on networks that were not linked out to the company's back office and supply chain. As for these teams that include control and IT, a lot of that movement seems to have come from vendors as a suggested best practice.

Re: It's always daylight in someone's time zone
Ann R. Thryft   11/16/2012 11:50:53 AM
I see what you mean. But Ethernet has been invading the factory since the late 80s, and began to infiltrate the back end--the plant floor--around that time in some industries, even if it was only cobbled-together custom attempts at interfacing the control system with early IT networks. So the conflicts began over 20 years ago.

Re: It's always daylight in someone's time zone
Rob Spiegel   11/17/2012 1:13:55 PM
Ann, wasn't that a closed loop back then? Since that was before the Internet, I would think they didn't have the same conflict over patches that they do now.

Re: It's always daylight in someone's time zone
Ann R. Thryft   11/19/2012 12:30:05 PM
Rob, that was before the Web, but not before the Internet (I started posting my stories to the Computer Design bulletin board using a 300-baud modem in 1989. For those of you who don't know what that means, it was a very, very slow modem connection to the pre-Web predecessor of a website). In any case, these were not closed loops where I worked, or at the company's customers.

Re: It's always daylight in someone's time zone
Rob Spiegel   11/19/2012 7:14:11 PM
Yes, Ann, I remember the Internet before the WWW. In the early 80s, I worked for a company that prepared articles for sites such as Dialog and sites like Lexis and Nexis. That was back in the day when intermediaries such as special librarians often ran the online searches.

It was a small world with publications such as Online Review and Information Today. I'll never forget when I saw a TV commercial for America Online. I couldn't believe this small online world had spilled over into the consumer world.

Re: It's always daylight in someone's time zone
Ann R. Thryft   11/20/2012 4:21:44 PM
Rob, I'd forgotten about those online search specialists. That does take me back! I also remember the debut of AOL, and using the first browser, Mosaic, which later morphed into Netscape.

Re: It's always daylight in someone's time zone
Rob Spiegel   11/21/2012 2:48:25 PM
Yes, Ann, it was quite a transition from those early dial-up services to the Internet we now know. One significant change is that you no longer need a librarian intermediary between you and the information you're seeking. I remember attending an online conference in the mid-80s. A presenter from one of the major online services (I think McGraw-Hill) demonstrated a page of information. It took about two minutes for the page to load. He admitted that the Internet was not quite ready for consumers.

Is your network safe?
Charles Murray   11/13/2012 6:31:21 PM
In answer to the question in your headline, Rob, I ask: Is any network safe? I'll be curious to hear what Eric J. Byres has to say.

Re: Is your network safe?
Cabe Atwell   11/13/2012 6:42:35 PM
If the company has to ask, is the network safe, it probably isn't. The only way to keep it safe is to remove outside connectivity in any way. But that doesn't stop the disgruntled internal ne'er-do-well. All a company can do is stay current and respond to industry warnings. If in the process something else fails... what can be done? Isolation is the key.

There has never been a case of medical implant hacking, but it became a major panic for the med sector recently. Now they scramble to find solutions. Companies pop up to handle the phantom threat. In this case, is it really a concern? Or is it a case of better safe than sorry?

C

Re: Is your network safe?
Nancy Golden   11/13/2012 7:13:07 PM
Me too, Charles. In the old days at the semiconductor company I worked at, as a member of test engineering I was also expected to help with keeping everybody's computers up and running. We never thought much about network security beyond the barebones administrator privileges. With the increase in interconnectivity and establishment of IT departments, computer security has become so much more than guarding against a virus attacking your computer - so much so that some companies have gone to the extreme. I have a friend that works for an engineering company and he can't even download datasheets because of the security settings by their IT department. If there is no activity on his keyboard for longer than five minutes it automatically logs him out. It would be nice for companies like that to adapt different strategies where the network is kept secure but the employees can still access the data they need. I am surprised to read that disgruntled employees are feared the most - I would think it would be unethical competitors...but then the disgruntled employees that leave may become the unethical competitors. It always astounds me how much time and energy people devote to such a destructive and dishonest practice as hacking, often with no logical return except for the accomplishment they feel in being able to do it - if they directed their energy to honest productivity they would be so much better off...

Re: Is your network safe?
Rob Spiegel   11/14/2012 9:14:57 PM
Yes, it is a good question, Chuck. When plants were silos, safety wasn't a concern. That has really changed in recent years. Plant networks now connect out to ERP systems and supply chain partners. Another thing that has changed is the use of energy. Ten years ago plants didn't care about energy savings. Wow, has that changed.

Is the network safe???
William K.   11/15/2012 10:28:25 PM
One very simple and inexpensive way to hack a company's network has been described to me, and it would work in a lot of places, particularly those where the system hub is in a closet, not a server room. All a visitor would need is a cheap wireless router and an Ethernet cable. Plug the cable into the system hub and then into the router, plug in the router, and place it above the dropped ceiling of the closet. The company network could then be accessed by anyone with the router password, within range. And if the hack were discovered, finding the snooper would not be simple, because of the wireless link.

Re: Is the network safe???
Rob Spiegel   11/16/2012 1:38:56 PM
William K., you illustrated very well the vulnerability of plant networks. You can see why this drives the IT folks crazy.

Re: Is the network safe???
William K.   11/16/2012 7:29:50 PM
The same vulnerability is often found in office building networks where there are wire-closets sometimes left open in hallways. Easy instant hacking, with no pesky passwords if the right wireless hub is used.

The only "safe" network is one you can't use
ab3a   11/30/2012 12:25:46 PM
As one of the co-founders of the SCADASEC e-mail list, Chairman of the DNP User Group, and a voting member of the committee that reviews and writes the DNP3 SCADA protocol (also known as IEEE-1815), this subject is very near and dear to my heart and to my career. 

Eric Byres is a well known and highly regarded expert in this field. But there are differences of opinion and there are practicalities that have to be answered.

For example, you could build a perfectly secure system and it would be very labor intensive, and so unusable that the whole process you're working on becomes uneconomical. It's just like trying to build a bulletproof fighter jet. You can certainly protect certain key parts, but you can't protect the whole thing. It would be so heavy that it would never get off the ground.

Likewise with SCADA and control systems, we need lightweight but effective security that doesn't get too far in the way of those who use it and doesn't become so difficult to use that it is cheaper to run operations manually.

The big secret to maintaining a posture of this sort is to keep the data hounds at bay. All this idiotic talk of "Big Data" presumes that someone will "surf" over this data and discover lovely gold nuggets of precious observations that will save the company money.  The latter is predicated on gathering the data cheaply. Well, if you want to keep it secure, it won't be cheap any more. 

The other problem is that there are too many people with glossy CIO literature who salivate puddles of drool over knowing real time data in the boardroom. No CEO in his or her right mind would want to know data in this detail. It does no good except if you dream of micro-managing your company toward insanity. 

There are judgement calls to be made.  There are political situations that need to be addressed. And frankly, it is time for some pushback against the "real time" data hounds who have no understanding of the business processes, the industrial processes, or where the leadership of the company wants to go. 

We need to get more secure. Of that there is no dispute. The differences of opinion are on the hows and whys. 

Re: The only "safe" network is one you can't use
Rob Spiegel   11/30/2012 1:48:33 PM
Ab3a, thanks for all the detail. That helps a lot. But I have an oddball question. When it comes to security, who are the likely enemies?

Re: The only "safe" network is one you can't use
ab3a   11/30/2012 2:09:00 PM
We would like to think that we're defending against evil script kiddies living in their Mom's Basement, or some foreign hacker working for a government agency. So many decide to defend against the faceless Man-In-The-Middle attacks because they're an easy sell to management. But that's not what experience has shown.

In reality most of them are your co-workers. Yes, the ones you drink coffee with every morning. Aside from the flimsy and unstable designs or configurations, it usually takes extensive inside knowledge to do real, lasting damage to most control systems.

That's why the most notorious cases are usually the work of insiders.

Jake Brodsky

Re: The only "safe" network is one you can't use
Rob Spiegel   11/30/2012 3:53:16 PM
Jake, that's what I've always thought. The disgruntled employee is the most dangerous hacker. That employee is the one who knows where the buttons and levers are.
