Thanks, Rob, a clear summary of the tensions between IT and the factory floor on this subject. Not only does connectivity and these conflicts affect a local network because of 24/7 use, it also affects everyone around the world in different time zones. Many times I'm accessing a website to make a purchase or to find out financial account data, and because it's on a Sunday or after 5 PM in someone else's time zone, I get an error message saying they're doing a security update or other maintenance.
If the company has to ask, is the network safe, it probably isn't. The only way to keep it safe is to remove outside connectivity in any way. But that doesn't stop the disgruntled internal ne're-do-well. All a company can do is stay current and respond to industry warnings. If in the process something else fails... what can be done? Isolation is the key.
There has never been a case of medical implant hacking, but it became a major panic for the med sector recently. Now they scramble to find solutions. Companies pop up to handle the phantom threat. In this case, is it really a concern? Or is it a case of better safe than sorry?
Me too, Charles. In the old days at the semiconductor company I worked at, as a member of test engineering I was also expected to help with keeping everybody's computers up and running. We never thought much about network security beyond the barebones administrator privileges. With the increase in interconnectivity and establishment of IT departments, computer security has become so much more than guarding against a virus attacking your computer - so much so that some companies have gone to the extreme. I have a friend that works for an engineering company and he can't even download datasheets because of the security settings by their IT department. If there is no activity on his keyboard for longer than five minutes it automatically logs him out. It would be nice for companies like that to adapt different strategies where the network is kept secure but the employees can still access the data they need. I am surprised to read that disgruntled employees are feared the most - I would think it would be unethical competitors...but then the disgruntled employees that leave may become the unethical competitors. It always astounds me how much time and energy people devote to such a destructive and dishonest practice as hacking, often with no logical return except for the accomplishment they feel in being able to do it - if they directed their energy to honest productivity they would be so much better off...
Yes it is a good question, Chuck. When plants were silos, safety wasn't a concern. That has really changed in recent years. Plant networks now connect out to ERP systems and supply chain partners. Another thing that has changed is the use of energy. Ten years ago plants didn't care about energy savings. Wow, has that changed.
Yes, Ann, in successful deployments now, many companies are creating these IT/control teams. Some of this comes through vendor encouragement. Apparently, these teams have been successful at reconciling the needs for 24/7 plant uptime and IT concerns over security.
It seems to make sense, Ann. Yet I think the struggle between control engineers and IT folks is fairly recent. For decades, the plant floor was run on networks that were not linked out to the company's back office and supply chain. As for these teams that include control and IT, a lot of that movement seems to have come from vendors as a suggested best practice.
Focus on Fundamentals consists of 45-minute on-line classes that cover a host of technologies. You learn without leaving the comfort of your desk. All classes are taught by subject-matter experts and all are archived. So if you can't attend live, attend at your convenience.