Rob, this is a terrific article; it points out a continuing significant problem.
The better Ethernet architectures I've seen have an outer office-type network that is connected to the internet, a middle level used for supervisory control of the plant, and an inner for machine level control.
IT departments will have to become more agile. Our continuing trend of doing more with fewer people REQUIRES this.
Last week I was in a plant which had a SCADA server stop communicating with plant-floor HMI terminals. The engineer most knowledgeable about the servers was out of the building, but used her smart-phone to remotely reboot it and get the floor functioning again.
Her plant did have very good security yet permitted the flexibility of remote access which permitted rapid response to problems.
Rob, proper security would end her access upon her termination of employment. But that problem isn't limited to remote access. A disgruntled IT employee can cause far more damage from within than without. That is a completely different problem.
Good point, TJ. But I do remember that when I asked what was the greatest threat to plant security systems, time after time, I heard, "A disgruntled former employee." One threat I heard less frequently -- but seems to me a bigger threat -- is the inadvertent attack from a malware bug that enters the system when an employee loads some music onto a workstation.
What a great article. This really points out the serious security threats posed by the plant's connection to the ERP system. Recently, we've heard a lot about theft of corporate intellectual property in big companies. But stuffing documents in a briefcase will soon be passe. This is much scarier.
Web browsers on smartphones have gotten a lot better, but the web is a major source of malicious code. With the small screens of smartphones, it's more difficult for users to detect that a site is a phishing site. The malware can then be transferred onto the network from the phone.
Some smartphone OSes bypass security mechanisms for users' convenience. This makes it a lot easier and less frustrating for smartphones to connect to any plant's devices, but it also defeats the purpose of those security measures.
Most smartphone users connect to public Wi-Fi. If users connect their phones, containing company information, to an unsecured Wi-Fi network, then a real security issue is created. If the same smartphone is connected back to the corporate network over a public Wi-Fi network, it could put the entire company network at risk. Users should be required to connect to the company network via an SSL VPN, so that the data traveling between the phone and the company network will be encrypted in transit and can't be read if it's intercepted.
Many corporations that allow employees to use their own mobile devices at work implement a BYOD security policy. BYOD security can be addressed by having IT provide detailed security requirements for each type of personal device that is used in the workplace and connected to the corporate network.
IT may require devices to be configured with passwords, prohibit specific types of applications from being installed on the device, or require all data on the device to be encrypted. Other BYOD security policy initiatives may include limiting activities that employees are allowed to perform on these devices at work, such as limiting email usage to corporate email accounts only.