Control engineers at plants wage a continual battle to protect their systems from intrusion. In the past, plant systems were in silos, separated from the outside world. Now, the plant network is connected to the company's ERP system. The network also reaches out to customers and suppliers. These extended networks deliver considerable efficiency, but they also make the plant vulnerable to direct attack, or more likely, inadvertent attack from malware.
Mobile Device Intrusion
One major change in recent years is the entry of the smartphone into the plant. "Employees are bringing their own devices. IT departments are relaxing their death grip on the network and they're allowing smartphones onto the floor," applications engineer Ben Orchard of Opto 22 told Design News. "It's because IT has had time to implement its security systems."
Yet security from mobile devices is a moving target. BlackBerry had a BlackBerry server. "When the BlackBerry came into the plant, the network was connected to the BlackBerry server," Orchard told us. "The plant ran Windows and we could administer security. All you could do on the BlackBerry was corporate email. Then the iPhone stormed the mobile workplace and it was the Internet in your pocket."
A layout of the new networked plant.
IT balked at devices that connected out to the world. "IT said, 'No, we don't want to invite the Internet into the plant network,' but people started to bitterly complain that they can use the iPhone outside the building but not inside. They wanted to do what they wanted to do on their device," said Orchard. To complicate matters, applications that were industrial-specific for iPhones and Androids began to show up, and plant employees wanted to use these applications. "They asked, 'Why can't we do it?' and IT replied, 'We haven't had time to set up the security,' " Orchard noted. "Industrial automation moves slowly. Mobile has been thrust on it."
The war between IT and control
There has long been tension between plant control and corporate IT when it comes to security. The two disciplines have opposing points of view. IT's mantra is that protection comes first. Control insists that uptime and throughput come first. "The war with IT will never settle down. IT is an organization with a set of tools to protect their network. Their job is to protect data," Lee Neitzel, senior technologist at Emerson Process Management, told Design News. "All of their tools are around protecting data. IT says we're going to install this in two hours and it will require a reboot and control has no choice in the matter."