Is Solving World Hunger Easier than Working with Plant IT Security?

by | Oct 11, 2010 | Control & Safety Systems, Cybersecurity, Event | 0 comments

A provocative title to be sure, this was the title of a workshop given at the recent Emerson Exchange by Emerson’s Bob Huba and James Robinson. You may recall Bob from earlier cyber security-related posts. James is a member of the Emerson corporate IT team and is steeped in the knowledge and perspectives of IT professionals.

The Industrial Safety and Security Source blog captured their workshop in a post, Emerson: Security Starts with Talking. A focus of this session was to highlight the different perspectives process manufacturers’ IT teams and plant operations teams have when it comes to security. These different perspectives lead to much of the conflict that exists between these organizations at many plants.

Bob and James performed a role-play with Bob representing plant operations and James representing plant IT. In the ISSSource.com blog post, Bob sums up a key difference:

In the IT world, they want confidentiality and they are not as worried about availability… I want high availability and am not as worried about confidentiality.

James noted another important difference with respect to lifecycle:

IT works faster. In four to five years (in a non manufacturing environment), you will have a new system, but a control system will be around for 15 to 20 years.

During their role-play, they highlighted everyday issues that can lead to interdepartmental conflict:

…such as patch management, scanning the system, antivirus/anti spyware software, penetration testing and hardening the system…

The solution is to sit down and talk to understand each department’s perspectives. This is not an overnight process, but it is critical to find common ground to satisfy the availability needs of operations and the confidentiality and security requirement of IT. These discussions should lead to the creation of:

…standards, policies and procedures so there is a plan in place so everyone can follow on the same page.

Part of the process in creating a security-minded culture to address the ongoing threats posed by viruses, worms, malware, and other challenges is to create these necessary communications paths. The role-play by Bob and James helped to expose their workshop attendees to these different perspectives and hopefully a bias for action for creating or improving the necessary security policies and cultures.

Popular Posts

Comments

Author

Follow Us

We invite you to follow us on Facebook, LinkedIn, Twitter and YouTube to stay up to date on the latest news, events and innovations that will help you face and solve your toughest challenges.

Do you want to reuse or translate content?

Just post a link to the entry and send us a quick note so we can share your work. Thank you very much.

Our Global Community

Emerson Exchange 365

The opinions expressed here are the personal opinions of the authors. Content published here is not read or approved by Emerson before it is posted and does not necessarily represent the views and opinions of Emerson.

PHP Code Snippets Powered By : XYZScripts.com