Comments
Digerati Ohm
User Rank
Silver
Why does it have to be a war?
Digerati Ohm   7/25/2013 3:10:51 PM
NO RATINGS
The people in IT are tasked with keeping company data safe.  A problem arises when users fail to take into consideration the risk that unsecured devices can pose.  When IT tells them that they need time to research securing such devices the end user gets upset and complains that IT is being difficult.  In my experience, IT does not start the "war", it is the end user that is trying to introduce an insecure device into the environment.  Generally, IT is not given sufficient time to evaluate the device because the end user wants it NOW!  The iPhone was a consumer device which was unsecure when it was introduced into the market.  At that time Apple was very uncooperative with issues dealing with security.  It was only after the IT departments in companies that were concerned about sensitive data started pushing back that Apple finally started addressing security issues.  IT is here to protect the end users from themselves.  End users do not understand the implications of bringing untested technology into the environment.  We all like to have police officers around except when we get a speeding ticket.  Let your IT department do their job and protect your company.

Ann R. Thryft
User Rank
Blogger
Re: 3 levels to the plant
Ann R. Thryft   7/17/2013 12:37:00 PM
NO RATINGS
That sounds like a great start. Any idea how it's working out? Or is the effort still too recent to produce tangible benefits?

Rob Spiegel
User Rank
Blogger
Re: 3 levels to the plant
Rob Spiegel   7/17/2013 10:57:51 AM
NO RATINGS
Some plants have worked out a truce between IT and control by creating a team that includes representatives from both sides. 

Charles Murray
User Rank
Blogger
Re: Bring down a line? Or the whole plant?
Charles Murray   7/12/2013 6:45:32 PM
NO RATINGS
I'm not sure of the relevance of the comment I'm about to make, but...I was recently researching a slideshow on engineering criminals and was amazed to discover, not only how young some of the best hackers were, but also how few of them had engineering backgrounds. In fact, the majority had only high school educations.

Ann R. Thryft
User Rank
Blogger
Re: 3 levels to the plant
Ann R. Thryft   7/9/2013 6:49:29 PM
NO RATINGS
Rob, thanks for reporting on these complex, interesting and longstanding problems. I'm referring both to the security issues and to the IT/control "dialogue," to put it politely.

Thinking_J
User Rank
Platinum
Re: Bring down a line? Or the whole plant?
Thinking_J   7/8/2013 9:12:07 PM
NO RATINGS
tool_maker...

I agree with you. People need to think about their use of technology, before creating lifestyle choices and communications methods based on poor premises.

Sometimes an email .. even across the room.. can help document and clarify an issue within an organization. Other times, it is just a poor substitute for talking.

People need to choose the right tool for the job.

Before anyone downloads and uses a smart phone app... think! (about all the implications/consequences).

Trustworthy employees, educated to think about security and appropriate use of technology.. are likely the most important security features a facility can have.

Trying to provide additional security via standards is a noble idea. Doomed to failure without trustworthy and educated employees in place.

 

I digress a bit here.....

Much of corporate America has been trained NOT to trust their employees. Reasons are many, but biggest is because much of upper / middle management are not trustworthy themselves.

example:

Good or Bad...  NSA has to trust subcontractors like Eric Snowden for their networks. Let's face it .. the best IT administrators generally don't come with military backgrounds (with ideals similar to NSA, CIA, etc...with loyalty to their oaths). In fact, a large portion of network security specialists come with anarchy (hacker) backgrounds (independent ideals trump oaths). NSA seeks out new employees at hacker conventions!

The NSA needs and hires these people assuming they can control them (don't they think like us?).

Yea... I don't like generalizations either... but you get the basic idea.

Facility security conflicts will not be resolved with technology alone. Resources should be applied to bigger issues (people)  .. before being applied to the lesser (technology).

It is a similar situation with large facilities management. And not any easier to resolve.

 

Tool_maker
User Rank
Platinum
Re: Bring down a line? Or the whole plant?
Tool_maker   7/8/2013 7:07:54 AM
NO RATINGS
  You obviously know more about this stuff than I do. I tell people, "I know how to do what I know how to do on a computer and everything else is witchcraft."

  However, it is apparent that the more we depend on computers to replace things which were once done on paper, the more these sorts of problems will exist. I do not want to return to the days of old, but when I see two employees e-mailing each other across a vast chasm of 20-30 feet, methinks this is a ridiculous use of technology. When my wife and kids spend 30 minutes or so texting each other information that could have been handled in a 45-second phone call, it bothers me. When some company has their payroll handled in India because it saves a few bucks, I am not sympathetic when their bank records get hacked.

  You are right in that I do practically nothing in which any other company would be interested and the only hacker I need to worry about is some kid fooling around. I cannot say that I am disappointed by that.

Thinking_J
User Rank
Platinum
Re: Bring down a line? Or the whole plant?
Thinking_J   7/5/2013 5:29:07 PM
NO RATINGS
Tool_maker....

While I agree that a wired, closed system is likely more secure than a system with internet access or wireless access.. It isn't really that much more secure from a disgruntled employee (my earlier point). Or if you really have a high value target (for industrial espionage or military).. physical barriers can still be breached without notice.. if the incentives are high enough.

And just because Stuxnet was exposed .. this didn't do ANYTHING to eliminate it. It cannot be easily removed from the MILLIONS of computers infected with it (it resides on the motherboard, not the hard drive). And why bother to remove it? It doesn't do anything unless you are running centrifuges with Siemens controllers. It is VERY possible you are viewing this on a "Stuxnet infected PC". Do you really know the source of your BIOS? Do you verify your CNC machining centers to be free from hidden access codes? Most motherboard manufacturers use a handful of BIOS suppliers, regardless of PC brand. And the BIOS suppliers? They use programmers from all around the world.

Just because a "system was defeated once" .. doesn't really mean anything in protecting against it in the future in this case. It is beyond many manufacturers of equipment to really review ALL of the code in their machines. They buy device drivers, RTOS, bios, etc.. because the complexity is beyond their ability or the price is right. Should the world require ALL code be re-written by each company making equipment?

Are you prepared to test the security of all the devices on your internal network?
Do you have access to the source code for all your equipment?

Can you say you have access to the quality of manpower required to do this job when there is a world of professionals trying to break in - undetected?

The reality: You really don't know how secure your facility is.

The likely situation? Your facility's real security resides in the fact it is not a worthy target for professionals...

Which leaves you protecting your facility from curious kids or disgruntled employees..

The solution is to deny yourself and employees possible methods of being more productive (smart phones/remote access)?

That may be reasonable for some facilities. Not so reasonable for others.

Those responsible for a facility need to understand the issues, trade-offs, risks and actionable items .... regularly.

Rob Spiegel
User Rank
Blogger
Re: Standards
Rob Spiegel   7/2/2013 2:58:24 PM
NO RATINGS
I agree, Notarboca, that standards can be more of a problem than a solution. The WIB certification may be of some help, but it's still an unknown. Meanwhile, plant systems are becoming increasingly open to outside technology.

Rob Spiegel
User Rank
Blogger
Re: 3 levels to the plant
Rob Spiegel   7/2/2013 2:52:59 PM
NO RATINGS
Thanks TJ. That remote access, however, is still a vulnerability. So far IT and control managers are not playing well together. Their priorities are in direct conflict. It will be interesting to see where this goes in the future.

Copyright © 2014 UBM Canon, A UBM company, All rights reserved. Privacy Policy | Terms of Service