Cyber security: Vendors fight back
New aspects of control system software are reducing the need for manufacturing IT personnel to be security experts.
There is increasing attention by control system vendors to enhance cyber security and operate better in corporate IT environments. This attention is good because cyber threats are not decreasing and, at the same time, corporate IT environments are becoming more protected. While governments have focused on cyber security for “critical infrastructure” industries, such as water, power, telecommunications, and transportation, cyber security also is important for all manufacturing industries.
Some control vendors are using an increasingly popular method of bundling anti-virus and spyware protection with their products. Vendors test the latest version of antivirus software and operating system patches against their software, reducing your need to test and validate security patches and updates. In most cases the operating system (OS) patches are the latest Microsoft patches released on “Patch Tuesday” and are available from the vendor within one or two weeks of the Microsoft release. This gives the vendor time to test all standard configurations. The vendors will then redistribute the patches, executables, and signature (.dat) files that have been successfully tested along with notices of patches or updates that should not be applied. Vendor redistributed patches may also include JAVA updates, browser updates, and Adobe updates if this software is used in their products.
Another cyber security feature that more vendors are offering is preconfigured OS configurations. These are configurations which have unneeded services removed, ports locked, hardware disabled (such as DVD drives and USB ports configured for thumb drives), unneeded applications removed, and security settings preconfigured. These systems reduce the errors associated with the installation of software and configuration of the hundreds of options and services installed with a default OS installation.
While this increased attention by control vendors is a good thing—because it reduces the need for manufacturing IT personnel to be security experts—it does present another set of interfaces for manufacturing IT and corporate IT.
The first issue that often has to be addressed is the antivirus software vendor. Control vendors will pick one antivirus vendor to test and ship with their systems. However, their selected antivirus vendor will probably not be the same as the corporate antivirus vendor. It is important to work with corporate IT to place all of your control vendor’s antivirus vendors on the approved use list. This may be easy in small companies but difficult in large companies because of the number of control vendors used.
Scheduling downloads and patches must also be coordinated with corporate IT. Many large companies will control downloads through a Microsoft Systems Management Server or equivalent. The control vendor patches and upgrades must be set up in a separate domain, subdomain, or OU (organizational unit) so that manufacturing IT can initiate downloads at times that will not impact operations, quality, and safety.
Another new aspect of control software is the increasing use of Microsoft Active Directory and Microsoft domains to control accounts, passwords, and privileges. Managing this information requires careful coordination with corporate IT.
There are multiple options for integrating control domains and corporate domains, but the situation will be complicated if you have multiple control vendors. Check with your control vendors to see if they require a separate domain, if they can operate as a subdomain, or if they can operate in an OU within the corporate domain. Each option provides a different level of local control and different level of corporate oversight.
Increased attention by control system vendors to cyber security and operation within corporate IT environments will help your company. Cyber threats continue to proliferate and operating within a protected corporate IT environment is critical to safe and secure manufacturing operations.
- Events & Awards
- Magazine Archives
- Oil & Gas Engineering
- Salary Survey
- Digital Reports
- Survey Prize Winners
- CFE Edu
Annual Salary Survey
Before the calendar turned, 2016 already had the makings of a pivotal year for manufacturing, and for the world.
There were the big events for the year, including the United States as Partner Country at Hannover Messe in April and the 2016 International Manufacturing Technology Show in Chicago in September. There's also the matter of the U.S. presidential elections in November, which promise to shape policy in manufacturing for years to come.
But the year started with global economic turmoil, as a slowdown in Chinese manufacturing triggered a worldwide stock hiccup that sent values plummeting. The continued plunge in world oil prices has resulted in a slowdown in exploration and, by extension, the manufacture of exploration equipment.
Read more: 2015 Salary Survey