The takeaway was that you can't hide from security concerns under the belief that your equipment isn't connected. The best security is to connect everything and then take active steps to monitor and protect your information.
Most of us probably wish that we didn't have to focus on another issue within manufacturing. With safety, maintenance, changeovers, OEE and the myriad other issues on our plates, we don't need anything else to do. But, either we as controls engineers will address the data security issues on the shop floor or someone else will be anointed to do our job for us. The best approach, no doubt, is a collaborative effort between engineering and IT.
We may be inclined to think that this is only of concern to munitions plants, public utilities and plants that process hazardous materials. Think again. A Fortune 400 snack food company recently published a job search description for a Director of Process & Controls Technology that included in the third sentence the following: " This position will draw upon the expertise of the Information Security Department to maintain state of the art information security". And further into the description of major duties: "... to manage this team in the application and implementation of advanced process & control systems while insuring manufacturing network system integrity and information security throughout the organization. Develop, manage and monitor external process & control interfaces to mitigate security risk." Clearly, information security is high on the list of concerns of this consumer products company.
With the recent NSA revelations, perhaps it will come as no surprise to us that what goes out over the internet is easily monitored. According to Eric, the real surprise is how connected our manufacturing systems are, and we don't even realize it. Add to that the fact that many machine tools, packaging machines and processes are still running versions of Windows XP which is known for its many vulnerabilities, and you begin to see the potential for some real problems. Outsiders could disrupt our operations, steal our formulas, steal part geometry, determine our production rates, steal our software or the software of our machine providers, or hack into our business systems - just to mention a few bad outcomes. Not only do end users need to be concerned for their intellectual property but equipment builders are vulnerable to software pirating by hackers gaining access through a customer's site.
Do you see shop floor information security as a real concern? If so, has your company taken steps as of yet to address these concerns? Share your thoughts with our readers.
