Policies, Employees Protect Networks

Try talking seriously about network administration without mentioning security. You can’t, can you?

Aw 4546 Issecurity10

You’ll also find that you’ve got to bring up staff training and having policies to keep networks safe. Human-network interactions surface quickly, too.

 

“Network performance isn’t an issue any more. That’s why security is the main topic now,” contends Tom Edwards, senior technical adviser with automation vendor Opto 22 (www.opto22.com), in Temecula, Calif. He doesn’t think security within manufacturing networks is the real issue, either. It’s threats coming from elsewhere in the company and external to it. 

To defend against and overcome those threats, companies need more focus on human-network interplay, Bob Huba advises.
“People over-focus on hardware solutions, but oftentimes, human interaction is more important.” That doesn’t imply that hardware solutions are unimportant, emphasizes Huba, DeltaV product manager with Austin, Texas-based automation vendor Emerson Process Management (www.emersonprocess.com
). They’re as critical as anything else, he says. But if you forget the human aspect, the technical solutions won’t matter.

For Huba, the biggest bang for a company’s buck in managing human-network interactions comes through policies and personnel training, both of which are “pretty big” in importance. “If you don’t have them, everything else is secondary,” he declares. “And if you’re not being informed of where the dangers are, you don’t know enough to stay away from them.”

For example, companies spend fortunes on firewalls protecting against external threats, while untrained and unwitting staff introduce dangers daily on the safe side of the wall. How so? Plant personnel, whether operators or engineers, may download games or music from the Web, at home, onto jump or thumb drives. They bring those to work, plug them into their desktop computers—“and the next thing you know, they’ve infected their network system,” Huba observes. He adds that in polling DeltaV users about their networks being infected, “they say it’s always from the bottom up, not from the plant system down.”

Having up-front policies and training all employees, from factory floor to executive suite, tops Shae Shayegani’s list of good, simple things that don’t require a lot, but have big payoffs. “These [policies] don’t have to be complex,” says this senior applications engineer with Irvine, Calif.-based vendor Lantronix Inc. (www.lantronix.com). “They could be as simple as: ‘Don’t write your password and stick it on the keyboard.’ ”

Next on Shayegani’s list is simply understanding how well a network is operating. That’s easier today than in the past, he notes, given top-view hardware and software. He predicts that “more exciting stuff is coming out this year.”

Capping the must-do list of Opto 22’s Edwards is segregating information technology (IT) from manufacturing. “Keeping IT networks out of manufacturing and vice versa is the biggest issue facing companies today,” he asserts. “For example, if we have a manufacturing environment in which things have to occur deterministically, then interference by sending a large file over the IT network could present a problem,” he says.

Separate with firewall

How should this and other manufacturing network issues be addressed? “We want multiple networks behind a firewall that separates manufacturing from IT,” Edwards suggests. Shayegani goes further. “Have the factory floor manage its own network. Connect to IT only when necessary.”

But manufacturing and IT still must cooperate. A collaborative approach—considering multiple requirements and points of view—will prove far stronger, more robust and better suited for the environment where the network needs to perform, observes Brian Oulton, Logix/NetLinx business marketing manager for vendor Rockwell Automation Inc. (www.rockwellautomation.com), in Mayfield Heights, Ohio. “Talk to each other—friendly co-existence isn’t going to get you anywhere.” 

 

C. Kenna Amos,

More in Control