Social media: Why engineers should be anti-social

You should hold the line on controlling or even barring Internet access from your process control system.


A recent survey says that IT departments are having arms twisted to relax cyber security rules and allow access to social media sites, such as Twitter or GoogleApps. Such changes are not a good idea for your process control system.

The survey, published by , polled 1,300 IT managers around the world. While these were generally “office” IT applications, the results are something to which process control platform operators should also pay attention. A few survey highlights include:

  • 47% report some users are bypassing security policies to access such platforms;

  • 86% are feeling pressure to allow more access to social networking Websites; and

  • Many lack Web application firewalls.

You may be dealing with some of the same issues. More people want access to Twitter, Facebook, MySpace, GoogleApps, and so forth. While those are useful and appropriate for home and even office use, they have no place on your control system networks.

In April 2007, Control Engineering published an article on 10 control system security threats , as outlined by NERC (North American Electric Reliability Corporation). Looking again at the article, two of the threats apply specifically here:

6. Use of a non-dedicated communications channel for command and control.

This would be the case with Internet-based SCADA. This vulnerability also could include inappropriate use of control system network bandwidth for non-control purposes, such as VoIP (voice over Internet).

“Many IT folks have bought the 'converged network’ line and think it’s OK,” says Bryan Singer, chairman of ISA SP99 committee. “We have seen cameras, VoIP, business systems processing payroll, and a whole host of other issues, cause denial of service conditions on control networks. IT professionals typically look at application performance, and near real time for control is a foreign concept. Taking 300-500 ms extra to receive e-mail or a Webpage is largely unnoticeable; 300-500 ms for control messages or safety messages could be disastrous. Often, what is an acceptable level of saturation or utilization from an IT perspective can spell disaster for controls.”

Kevin Staggs, global security architect for Honeywell Process Solutions, warns that well-meaning individuals can make mistakes about infrastructure since “it costs quite a bit of money to add additional channels, and it’s hard to add infrastructure wiring after the fact. But you really need to understand where the information is and where it needs to flow, and lay out your networks accordingly. Keep the control traffic off the business network and vice versa. Don’t use the same channels. It’s really a bad practice.”

Using the control system for non-control communications, says Bob Huba, DeltaV product manager for Emerson Process Management, “regardless of how much 'extra' bandwidth appears to be available, can only lead to problems getting the mission-critical control information distributed as quickly as possible.”

8. Installation of inappropriate applications on critical host computers.

Most importantly, Todd Stauffer, PCS 7 marketing manager for Siemens says, the control system needs to safely and effectively control the process. “The only necessary applications are those that are directly involved with the control of the process. Additional software programs such as e-mail, games, and media players are not necessary and can make the system vulnerable. To harden the system, it is necessary to remove all unnecessary applications and to prevent new ones from being introduced. Unwanted programs or malware can be introduced any time data is exchanged with the world outside of the control system.”

Marilyn Guhr, marketing manager for Honeywell Process Solutions recalls, “A customer was experiencing slow downs on certain operator stations and they couldn’t figure out what was wrong. The 'problem’ was tracked down to a TV hook-up on the operator station.”

Read the complete article: “ 10 Control System Security Threats

Your control system has one job, and that should be all it does. While connections to larger systems and even the Internet may be necessary for various functional purposes, following somebody’s Twitter account in the control room isn’t one of them.

Read the Control Engineering Cyber Security blog .

—Peter Welander, process industries editor,
Process & Advanced Control Monthly eNewsletter
Register here to select your choice of free eNewsletters .

No comments
The Top Plant program honors outstanding manufacturing facilities in North America. View the 2013 Top Plant.
The Product of the Year program recognizes products newly released in the manufacturing industries.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
A cool solution: Collaboration, chemistry leads to foundry coat product development; See the 2015 Product of the Year Finalists
Raising the standard: What's new with NFPA 70E; A global view of manufacturing; Maintenance data; Fit bearings properly
Sister act: Building on their father's legacy, a new generation moves Bales Metal Surface Solutions forward; Meet the 2015 Engineering Leaders Under 40
Cyber security cost-efficient for industrial control systems; Extracting full value from operational data; Managing cyber security risks
Drilling for Big Data: Managing the flow of information; Big data drilldown series: Challenge and opportunity; OT to IT: Creating a circle of improvement; Industry loses best workers, again
Pipeline vulnerabilities? Securing hydrocarbon transit; Predictive analytics hit the mainstream; Dirty pipelines decrease flow, production—pig your line; Ensuring pipeline physical and cyber security
Upgrading secondary control systems; Keeping enclosures conditioned; Diagnostics increase equipment uptime; Mechatronics simplifies machine design
Designing positive-energy buildings; Ensuring power quality; Complying with NFPA 110; Minimizing arc flash hazards
Building high availability into industrial computers; Of key metrics and myth busting; The truth about five common VFD myths

Annual Salary Survey

After almost a decade of uncertainty, the confidence of plant floor managers is soaring. Even with a number of challenges and while implementing new technologies, there is a renewed sense of optimism among plant managers about their business and their future.

The respondents to the 2014 Plant Engineering Salary Survey come from throughout the U.S. and serve a variety of industries, but they are uniform in their optimism about manufacturing. This year’s survey found 79% consider manufacturing a secure career. That’s up from 75% in 2013 and significantly higher than the 63% figure when Plant Engineering first started asking that question a decade ago.

Read more: 2014 Salary Survey: Confidence rises amid the challenges

Maintenance and reliability tips and best practices from the maintenance and reliability coaches at Allied Reliability Group.
The One Voice for Manufacturing blog reports on federal public policy issues impacting the manufacturing sector. One Voice is a joint effort by the National Tooling and Machining...
The Society for Maintenance and Reliability Professionals an organization devoted...
Join this ongoing discussion of machine guarding topics, including solutions assessments, regulatory compliance, gap analysis...
IMS Research, recently acquired by IHS Inc., is a leading independent supplier of market research and consultancy to the global electronics industry.
Maintenance is not optional in manufacturing. It’s a profit center, driving productivity and uptime while reducing overall repair costs.
The Lachance on CMMS blog is about current maintenance topics. Blogger Paul Lachance is president and chief technology officer for Smartware Group.