Manufacturing Lack of Cyber Security
During media interviews (more accurately mini-presentations) in November at Rockwell Automation’s media/analyst day “Automation Perspectives,” Sr. VP and CTO Sujeet Chand met with us individually along with several managers from Cisco Systems to discuss cyber security. This marks at least the third year where Chand’s role was to explain the Cisco/Rockwell relationship.
I’ve been thinking about the presentation for the past couple of weeks (OK, except for during Christmas). When they broached the idea of cyber security, I jumped to a conclusion about how thinking about security would lead engineers to more thoroughly thinking about their overall network leading to overall improvement in manufacturing.
What they seemed to be actually saying was much less than that. The message seems to have been about engineers should actually begin thinking about their network architecture.
Suddenly it dawned on me what the problem was that they were trying to solve. Automation engineers are evidently just cobbling together Ethernet networks in their processes and factories with no thought of network cyber security. But they will start—and buy some Cisco/Rockwell managed switches and security services. (Sorry, I don’t mean for that sound cynical. What they do is sell products and services to help their customers succeed.)
There has been NO thought to cyber security!?
They evidently thought that even with the several years of intense media coverage of security holes in SCADA and other processes engineers were still not taking security into account.
If that is true, then we truly need the new generation of computer/networking/security-savvy engineers (millennials?) now.
I know that one of my problems is jumping ahead. Companies will show me a new product, and I’ll immediately start thinking of all the uses and potential additions.
Any engineer who has not been building in some defense in depth and getting help from IT about security policies needs to be trained or replaced. We’ve known about this for at least five years.
Going back to re-engineer (or engineer intentionally for the first time) the factory network, should lead to significant improvements in the automation system, information flow, and ultimately manufacturing profits.