IT Security Still Does Not Get It!

I’m frankly tired of people telling me there is no difference between IT enterprise security and plant level IT security. They can blow on and on about that for all they want, but they can’t prove it. I CAN prove my assertion. Here’s more proof. Today I received a white paper written last October by Freddy Mangum of Fortinet. It is called “Unifying Your Threat Management Practices: A Pragmatic Approach to IT Security.” Nowhere in that paper is any discussion of plant level security. My contention that IT security has a different purpose and emphasis than plant level security is confirmed. “The data center is the heart of your business. Here reside the servers and applications that enable your users to do their jobs,” the Fortinet report states. In process automation, we know that a plant can be operated without any of the data historians and enterprise servers running. The heart of a plant isn’t the servers, it is the control loops that must continue to operate on a 24/7 basis. Most process plants can be operated in local control mode-- by design, so that the control system can fail and the plant will still run. The Fortinet paper is excellent...for IT enterprise security. On page 6 of the paper, they show a graphic that shows everything EXCEPT the plant floor. Here's a similar drawing from their website: