Ann, vendors from companies like Rockwell and Siemens say that this arrangement has effectively solved the problem of the conflict between control and IT. The goal apparently is for everyone to take the side of the company and not the side of control or IT.
Sometimes it is important to install patches in a timely manner, particularly if a new expoit is a zero day. So it boils down to this: A hacker or an exploit takes down your plant. Who are the executives and shareholders going to lynch, IS or the plant management? I can tell you it will be IS, and the argument will be that IS didn't explain the urgency clearly enough (which they did, but were ignored), and that IS is ultimately responsible for computer security.
Cabe, this problem will grow as plants continue to shift to wireless devices. It's one thing to protect a wired network, but a wireless network is even more vulnerable. Wireless is attractive because is costs less and you can put a device in places where it's hard to run wire.
One of the clashes between control and IT is that IT wants to update the patches more often than control has scheduled downtime. So, to meet IT's desired updating, control would have to shut down the plant more often.
I see your point, AnandY. The mandates of IT and control are absolute. For IT, no security breaches. For control, no downtime. I've heard vendors talk of peace between the two when a committee is set up to solve these issues and both IT and control are represented on the committee.
At least when IT takes down services to install patches, it should be a scheduled maintenance period. Hackers don't care about schedules. I'd rather have a scheduled downtime to install patches than unscheduled downtime because I couldn't. But as I read the article it emphasizes the trend that users are pushing technology into the work environment without understanding the implications. IT must have time to evaluate the risk and do what they can to minimize it. If it cannot be eliminated completely, IT needs to communicate their concerns to management. Then, if management decides to sign off on the risks, IT has done their due dlilgence and responsibility now rests on management. But again, IT must have time to research and test the technology in their environment. This is no different than the standards of good manufacturing and design: R&D and QC.
Working a truce between the IT and control department seems logical but I think it is more theoretical than practically possible. If the teams couldn't work out an understanding on their own I don't see how they will when sat down together on a round table. Their mantras dangle on the opposite sides of the seesaw thus for the prosperity of one the other will have to take a blow in the neck.
Point well taken, Digerati Ohm. But it works both ways. IT has to understand the plant can't shut down in order for IT to install a patch at 2:00 am. That works for the office PCs, but not for the plant PCs if the plant runs 24/7. I think both conrol and IT have an issue with outside devices. But often the clash between IT and control doesn't have anything to do woth outside devices. it has to do with conflicting mandates.
Truchard will be presented the award at the 2014 Golden Mousetrap Awards ceremony during the co-located events Pacific Design & Manufacturing, MD&M West, WestPack, PLASTEC West, Electronics West, ATX West, and AeroCon.
In a bid to boost the viability of lithium-based electric car batteries, a team at Lawrence Berkeley National Laboratory has developed a chemistry that could possibly double an EV’s driving range while cutting its battery cost in half.
For industrial control applications, or even a simple assembly line, that machine can go almost 24/7 without a break. But what happens when the task is a little more complex? That’s where the “smart” machine would come in. The smart machine is one that has some simple (or complex in some cases) processing capability to be able to adapt to changing conditions. Such machines are suited for a host of applications, including automotive, aerospace, defense, medical, computers and electronics, telecommunications, consumer goods, and so on. This discussion will examine what’s possible with smart machines, and what tradeoffs need to be made to implement such a solution.