Though automation personnel and corporate IT share some common priorities, they often disagree over whose standards apply. Automation personnel focus on isolating production on “islands” of automation, believing that segregation helps keep information safe. IT, on the other hand, focuses on security and more open access to business networks and information.
We live in a world of increasing connectivity. Divisions of business that used to operate in isolation must now be integrated with the rest of the enterprise. As an example, business leaders expect to see real-time production information direct from the plant floor to evaluate operations and make business decisions. Data collection and presentation drives business decisions; protecting intellectual property, overseeing network access and assessing vulnerabilities must now be ongoing priorities for all facets of the business.
In this setting, isolation of plant floor automation is no longer feasible. Isolated systems did not require the updates and ongoing evaluations that IT has dealt with for many years; process control can learn from IT here. The idea of “continuous operation” has a different working definition for plant floor automation systems than it does for IT. Network downtime that stops production could represent a financial catastrophe, whereas not being able to access a network printer is a mere annoyance. Both situations affect network users, but with varied degrees of impact. Collaboration and ongoing conversation are no longer optional, but required.
Though it is tempting to apply a blanket IT method to the control systems world, this approach is disastrous. What works for corporate IT may not be what is best for control systems. The first step in the process should be to identify bridges between the two perspectives. Both sides want security that works effectively without getting in the way of business operation. Both sides want a say in decisions,i.e., a sense that their concerns are heard and considered moving forward.
In many companies there are people who understand both perspectives and can speak the language of both sides in ways that promote understanding. Such people, who can function as “translators,” are invaluable. If you can't find this in a particular individual at your company, look for a relationship between individuals that transcends the manufacturing/corpporate IT bias. The strength of a longstanding relationship provides the trust needed to hear and understand conflicting perspectives. If neither of these is a reasonable option, a third party can be brought in, whether another individual to help with bridging the gap in understanding or another company.
Whatever your means of integrating plant floor automation and control systems into corporate IT networks, cybersecurity is a living concern. Security threats and vendor offerings change in very short lifecycles. The conversation is not a one-time decision, but an ongoing collaboration that must be fostered and factored into the business moving forward.
Bret Van Wyk is a program manager for Interstates Control Systems, a CSIA certified member located in Sioux Center, Iowa.