Shutting down a plant to install a security patch is no small matter. It can be both disruptive and costly. "Plant managers don't like to shut down work stations. A shutdown for an hour can cost a million dollars," said Neitzel. "They do not enjoy putting patches." Yet IT insists the patches are necessary to protect against known threats. So the patches go on, but only when downtime can be scheduled.
What's the threat?
Threats to plant networks come in a variety of forms. Some are as simple and common as an Internet worm. Others can be disgruntled ex-employees. "Threats are a big topic. You can limit it to two things: malware through a network interface, or hacking on the Internet," noted Neitzel. Preventing intrusion can be a matter of knowing who can get onto the automation system. "We close the window to keep people from connecting devices. We use a private network. Only if you know you're going to talk with us are you configured to connect," Neitzel said. He notes that if the device is not configured, it cannot find the system at all.
Security breaches can arise from simple, daily activities. "If someone says they need to recharge their iPhone and they use a USB port, an infected file can get to the network," said Neitzel. "We guard against that by disabling the USB ports. The customer can unlock them, but they have to be aware of the security risk. It's the same with CDs and DVDs."
Sesh Marellapudi, business segment head for industrial security at Siemens, agrees there is a wide assortment of threats. "They come in three categories: major, medium, and minor. Because there are so many, you never can have a single silver bullet to solve this problem," Marellapudi told Design News. "The threats are based on how the network is set up. Mobile devices are absolutely a threat. Tablets or iPhones, even USB sticks." Another risk from mobile devices is the ease with which they can grab data. "They can tap into plant data and upload it. Once someone has the access, you have a wide open hole unless everyone in the plant is properly authorized."
Security certification may help in network security. There is a movement in the control industry to define true network security practices. Neitzel is leading Emerson's effort to gain WIB Certification. The certification is the brainchild of The International Instrument Users Association (WIB) in The Netherlands. The organization provides process instrumentation evaluation and assessment services for its 25-plus end-user members. WIB is a purchasing specification driven out of Scandinavia that is being promulgated into IEEE and ISA standards. It requires demonstrated continuous improvement in practices to keep plant automation systems secure from unwanted intrusion.
I think those are good questions, Rob. I don't think younger employees are less territorial, at least not in my experience. It's also true that in the plant in those days they certainly weren't in charge of departments, since that was before the great downsizing that eliminated the middle management layer. But I think one big factor that's changed is that there's more emphasis today on teams than on hierarchy--not that hierarchy doesn't exist but it seems to have moved up the pyramid a ways.
You're right, Rob. I wrote extensively about implementing TQM for a while for CMP, including in-depth interviews with several companies that had tried and failed (as well as a few that tried and succeeded). But back then, those resistant "populations" were usually well over 50% of the company's employees.
I believe TQM ran into problems with populations that were not convinced that changes would be improvements. The attitude seemed to be, "What on earth do you know about what we have to do? If it could be more efficient, we'd make it more efficient."
That makes a lot of sense: the narrower goal. TQM required everybody in the whole plant to do everything entirely differently in all areas. It was pretty overwhelming. I can sure see how sacrificing uptime would be a no-op.
Wow, that's a very big change from the days of attempts at setting up TQM systems: it was very hard to implement TQM here in the US, and in fact there were many failed attempts at many companies. So either that statement is a lot of wishful thinking, or something really is different. If so, I wonder what?
If I remember these stories right, vendors like Rockwell and Siemens were involved in promoting these groups. I remember a Rockwell source shrugging it off, saying, "It's not that hard when you get everyone together."
Rob, that's an amazing change and a long time coming. Hard to believe it's actually happened. I can believe that there's a goal like "taking the side of the company and not the side of control or IT." That reminds me a bit of TQM efforts years ago: it requires a huge change in corporate culture and is not easily done. Any idea how the actual change was implemented, not in the technology, but in people's behavior and minds?