Think again. So many people are “computer literate” these days that almost anyone on the factory floor can add games and other kinds of illegal and unauthorized software to your automation equipment. And the results can be far worse than simple time wasting.
Ask Mike Atty, technical support analyst at the Fenton, Mo., Daimler Chrysler plant (www.daimlerchrysler.com). The plant has some PCs that control factory floor production equipment, for example, robots. PC support personnel started to notice many support calls to restart the machines when the PCs locked up. Further investigation uncovered the reason. Unauthorized games on the machines overloaded the computer’s memory, causing the PC to shut down. These games not only cost support time and money, they also shut down production. Atty reports to the information technology (IT) management department, but he works closely with controls engineers in the factory.
Searching for a solution, Atty called corporate IT. While they didn’t have a solution that would work for him, he did get the name of another plant that was using a product from Apreo Inc. (www.apreo.com), Newport Beach, Calif. A phone call later, Atty was convinced that he had a workable solution at hand. He visited the company’s Web site and downloaded the application. Apreo offers a free trial edition, so he tried it.
Atty explains, “ApreoFlex not only monitors illegal software and games, but it cleans them out, too. You have several options in operation. The product loads on the server, you configure it and set parameters, such as where you run applications. When users log on, a small client application loads on their PCs without their knowledge. In fact, users may never know that the application is running unless they are using illegal games. When they try to run the illegal games, they’ll discover that they have been removed.”
Apreo maintains an extensive database of games and searches by file signature. What Atty likes is, “Not only does it have a listing of most popular or recent games, they update it, too. And you can also create your own list of executable files that you can check. So, you can do not only games, but also other illegal applications. You can also specifically exclude people, such as non-technical managers, from executing certain files.”
Well, it solved the problem for a while, but then the users caught on. Atty relates, “Users are quite creative. They figured out that certain executable files were being deleted, so they tried a number of things to get around their problem. They renamed files. They tried daily back up and restore of the system. ApreoFlex found the renamed files on the next scan, but Atty wanted to find out who was trying to trick the system. Because these PCs were on the factory floor running production and basically on 24 hours per day, it was hard to trace log on information. So, one step we quickly took was to enforce log out and log on policies. That way we could trace back and see who was loading the problem software.”
ApreoFlex is a small application that installs on the server and resides as a layer within the overall security system. Atty says that it was very easy to install. He also discovered that the program allows him to easily pull information off the PCs, such as who logged in and when, what was loaded, what was cleaned from the system. “We could identify who was abusing the system and then work through the Human Relations department to rectify the situation.”
Apreo’s President, Jerry Periolat, suggests that users first determine appropriate uses of the computer and publish policies enforcing them. “We have heard from customers who have reported several near misses because, after spending a lot of money for manufacturing software that will alert operators to problems in the machinery, the operators were playing games that superceded the screens and missed the alerts.”
So, while that occasional game of Solitaire might just serve as a relaxer after a nasty phone call, unauthorized software on the factory floor can have potentially disastrous consequences.
Gary Mintchell, firstname.lastname@example.org