Thursday, February 4, 2010

My thoughts on securing your plant systems

Security, not your first concern as an industrial integrator or plant manager. Availability ranks numero uno. Got it! Your company loses $30k/hr during plant downtime. Got it! Plant workers are not exactly NSA hacker material. Got it! So why is security important? Look at those reasons again and above all, safety. Consider that your legal liability in court costs more than downtime. Do you want a disgruntled employee to shut down the factory on your watch? It is incumbent upon you as a professional to demonstrate due care. We're not worrying about international hacker rings or bored young college geniuses. Accidents occur and insider attacks are possible.

It's 2010 - many systems end up touching the Internet or outside world somehow, whether you like it or not. Common practices in the 90s, like allowing users to share passwords are unacceptable - that audit trail is a must. Having PLCs on the same network as office computers - professionally irresponsible. Your company uses 25 year old hardware that was never designed for security - it's up to you to isolate that network. Provide access with a "hardened" dual-homed (2 network cards) computer that is patched and protected by a firewall. Utilize VPNs, DMZs, VLANs, SSL, IDSs, and anything else in your IT department's arsenal. They know how to secure a network - it's their job. Gone are the days of operating behind their back, not letting them touch anything for fear that updates will break your system. Pick a vendor that IT will support. Practice Defense in Depth. Let them help you. It's 2010. Embrace positive change!

No comments: