But not all of these tactics are appropriate for the plant. Control engineers have to pick and choose to make sure the network is secure, while also making sure security tactics don’t interfere with availability or safety. “When it comes to applying the tools of IT, there is a lot of stuff you can take advantage of, but you can’t blindly take it without understanding it,” says Todd Stauffer, PCS7 product manager at vendor Siemens Energy and Automation Inc., in Alpharetta, Ga.
Here are some of the security solutions delivered by the IT group—as well as some of the problems that come with these solutions.
• Patches. Because plants are using personal computers (PCs) and Microsoft Windows, patch updates are important. The only problem is that many plants can’t shut down during wee hours when the office patches are being upgraded.
• Demilitarized zones. This is how plants secured themselves in the past. When the plant is cut off from the business, there is little threat. The problem is, plants are more connected to the business than in the past, which makes it more difficult to create demilitarized zones.
• Role-based access. Only those with the need to access certain areas of the network are allowed on. Some companies determine access by job function.
• Password and user management. Similar to role-based access, this involves limiting the number of people who can access the network, and cutting off access the moment an employee is terminated.
• Firewalls. This common type of IT security fights intrusions.
• Virus scanners. This program checks for viruses and worms that can disrupt applications.
To view the accompanying article to this story,"Corporate IT Helps Plants with Security", go to www.automationworld.com/feature-4257
