- Management puts policies in place that describe how employees are expected to comply with processes and procedures.
- Employees follow the policies.
Outside the Walls
You can't ignore potential external computer attacks. One way to prevent them is with a corporate data collection system separate from the manufacturing automation system. This keeps corporate intranet or Internet data traffic from directly accessing the control network.
An external data collection system allows all employees on the corporate IT system to access manufacturing data without the risk of interrupting the manufacturing automation system.
If direct access to the manufacturing automation system is desired instead of indirect access through the separate data collection system, then workers should follow strict system security policies.
The Security Czar
No hardware or software can prevent an attack. Security requires operational procedures, passwords, levels of access, approval processes and security rules.
You can appoint a “security czar” who's given the responsibility for automation system security, the authority and budget to carry out the task, and strict accountability for security enforcement.
Maintaining security on a manufacturing automation system is a full-time job that requires vigilance, and it deserves a corporate commitment to ensure the protection of your intellectual property.
Top Security Defenses
- Allow access to the manufacturing automation system only through a firewall.
- Develop a plan for allowing vendors to access their equipment remotely only under your direct supervision.
- Lock up the hardware. Put all control system equipment, such as servers, routers and disk drives, in locked cabinets in a locked room and limit access.
- Appoint a Security Czar with sufficient authority, power, budget and accountability.
- Develop a control system security policy backed by senior management. Enforce it.
- Develop a disaster recovery plan to get your plants up and running after a security incident.