Let’s talk about how information flows—and where. Most of us think about networking as the mechanism for data flows among our computers and automated control systems. These flows drive and support our key operational business processes day to day. There is another even broader set of information flows we should not forget, but I’ll get to that in a moment.
Ever since Stuxnet, the topic of network security has been top of mind for manufacturing IT and automation professionals. That security breach arose about the time that modern IT technologies were being implemented in production facilities everywhere, in every industry.
Having a robust network where many aspects of cybersecurity are built in was the topic of a MESA webcast featuring Eric Cosman of Dow Chemical and Bryan Owen of OSIsoft. They discussed the top four strategies for cybersecurity that can prevent 85 percent of security breaches on our networks:
- Application white listing. Using both applications and communication firewalls can help ensure information you know you want gets the green light, and other data is examined carefully.
- Patch applications. In MES/MOM applications, avoid known security issues and reduce opportunities for exploiting systems such as buffer overruns, exception handling protection and data execution prevention
- Patch operating system. Servers, clients and older operating systems can all present risks. Windows Server Core is an approach to this.
- Least privileges. Both administrative access to the applications and application access to control systems can present risks, so restricting those appropriately is key.
Developing with the Security Development Lifecycle and using the ISA99 Security standards are important. Addressing security up front is key to allowing information to flow freely when and how it’s needed in the plant operations.
How you know what to do and what to look for is the second major information flow—the information that flows between experienced people in production industries to share best practices and lessons learned. This is where publications like Automation World come in, and also associations like MESA. MESA’s mission is to explain both why and how to use information technologies in production industries.
The cybersecurity webcast mentioned is just one of many where members share their expertise with each other. Having a network of people that you as a professional can call on is the critical foundation for success with the IT and automation information flows.
Ask yourself about the health of your network. In your personal network, the threat is not that someone will gain your knowledge; it’s that they won’t. And you won’t gain their knowledge either. This problem is what causes many projects to fail to gain their full benefits. You don’t know what you don’t know because you are buried in your own company.
MESA members report extreme learning and confidence benefits by having this worldwide network of peers. It’s important that your network is both broad and deep. So ask yourself whether your network of knowledgeable people is:
- From a variety of industry segments. Another industry might have already tackled the issues you’re dealing with now, and could have best practices to share.
- From across control, manufacturing and process engineering, as well as IT, production, quality, maintenance, supply chain, product development, finance, sales and marketing.
- From around the world. Sometimes new innovations crop up in one region that can accelerate learning in another.
Members gain both from receiving and sharing their expertise. Cosman and Owen are great examples of this—sharing expertise and learning from each other and other MESA members. Developing content based on your expertise is enriching, and the collaboration that goes into it boosts your knowledge.
An upgrade in your people network can lead to great ideas about how to upgrade your IT/automation network. And once you do, you can share the knowledge. This is how production industries will thrive.
>>Julie Fraser is Principal of Iyno Advisors and a MESA Lifetime Member (http://www.mesa.org).