As manufacturers create networks to connect shop-floor systems to business processes and inventory, security concerns have followed. When companies connect to the outside world, security becomes even more complicated. Companies are peppering their systems with hard and soft firewalls. The resulting security is a confusing patchwork of plugs and stitches. Many manufacturers don’t know if they’re safe or vulnerable until a new network virus, or worm, shows up and puts the whole system into question. Worse yet, a disgruntled ex-employee cracks into the system to take revenge for a recent layoff.

Some manufacturers are getting wise. They’re starting to look at security as a strategic concern instead of a patch-up-the-leaks job to be handled by the information technology (IT) team in its spare time. “Manufacturers have to think differently about their business processes,” says Jeff Platon, senior director of product and technology marketing for security at San Jose, Calif.-based Cisco Systems Inc. “As they make the connection from shop-floor to spare parts to make sure they have just-in-time inventory, there are security issues.” According to Platon, manufacturers have to go back to basics. They have to determine what’s at risk, and then come up with strategies to mitigate that risk.

There is a growing need for effective firewalls, because networks are more than just communication systems. Now they carry revenue, control the plant and track inventory. “We’re using our networks more for business than technology,” says Chris Calvert, manager of security intelligence at IBM Corp., in Armonk, N.Y. “We’re generating revenue on networks, so attacks are impacting revenue more than they used to.”

Firewall technology has been applied in an awkward manner, because it is usually added after networks are developed and deployed. Firewalls were used to patch the holes in a system that wasn’t built to fend off attacks. “Security follows the evolution of the information,” says Calvert. “It isn’t so much that it’s an oversight, but that users built their IT practices before security was such a widespread need.”

Firewalls are also called upon to manage a growing complexity of needs in an expanding network. Security devices must ward off attacks while managing who can go where within the network. The network, of course, is tied to other internal systems and it reaches out to suppliers and customers globally. Plus, security devices and programs have the double responsibility of blocking attacks and cleaning up any messes left from intrusions. “A firewall is a whole host of technologies now,” says Michelle Araujo, product manager at Symantec Corp., a firewall producer in Cupertino, Calif. “There’s proactive security and technology to clean up after the system’s been compromised.”

History of the worm

The development of firewall technology goes back to days immediately following the surprising appearance of the Morris Worm 15 years ago. The college “experiment” ushered in a nasty new world of crippling viral programs. “The Morris Worm brought down a large portion of the Internet in the late 1980s,” says IBM’s Calvert. “That had a broad impact.”

The Morris Worm was born on Nov. 2, 1988. A Cornell student, Robert Morris Jr., wrote a self-propagating worm program and sent the malicious creature crawling out onto the Internet, where it found a wide-open terrain of naive computers. The worm started replicating and attacking university and military computers much faster than Morris anticipated, leaving catatonic machines in its wake.

Morris panicked and, in a moment of remorse, sent an anonymous message over the network, telling programmers how to kill the worm. By the time the antidote was released, the Morris Worm had burrowed through the networked computers, leaving behind millions of dollars in damage. Since then, there have been many other worm attacks, but most post-Morris demon creators have lacked his conscience.

As viruses keep coming, U.S. companies have finally turned the corner on fighting the damage. A 2003 FBI/Computer Security Institute survey of U.S. businesses found that 98 percent employ some kind of firewalls to protect their computers and information assets. Fifty six percent reported unauthorized use of computer systems in the past 12 months. This is down from a high of 70 percent in 2000. Seventy eight percent identified the Internet as the weak territory, while 30 percent reported unauthorized use coming from internal strikes. As for the culprits, 82 percent of companies pointed to independent hackers, and 77 percent included disgruntled employees among the attackers.

Losses from information intrusions are estimated in the billions of dollars annually. Yet one surprising statistic, from the FBI/CSI report, reveals that the ...