Joe Weiss and I, among others, have been trying for years now to explain the difference between Enterprise IT and Industrial Control System (ICS) IT.
This morning I received a press release from Deutsche Telekom which said in part, "Data protection is a top priority at Telekom."
There it is, in one sentence. The main task and guiding principle of Enterprise IT is to protect the data in the enterprise servers.
The IT engineers and managers do this by disconnecting peripheral devices, like PCs, routers, printers, other servers, until they have isolated the fault, be it an intrusion or an internal oopsie.
Now, look at an industrial process plant or manufacturing facility.
The main mission and guiding principle of ICS IT is to ensure high availability of production control systems.
They care if data is lost because somebody hacked a server, but it IS NOT CRITICAL. What would be critical is a Stuxnet-like or Aurora-like attack directly on controllers or the control system network.
To combat that, nearly the exact reverse procedure is done than the Enterprise IT one. Working control systems are isolated from the network, and kept operational, even if they are infected, provided the infection doesn't damage production systems. If network server data is lost, it is an acceptable loss. You can't just shut down the peripherals, because one of those peripherals may be the assembly line controller, or the unit controller in a refinery. Shutting those down in a non-graceful way can lead to all sorts of interesting occurrences including severe plant damage and even deaths.
As we have been saying for years now, this difference in philosophy has significant ramifications for many things Enterprise IT managers take for granted, like patch management, like anti-virus, and like operating system upgrades.
It falls to us, as ICS professionals to educate our Enterprise IT colleagues...once they understand what we need, they have massive amounts of tools and procedures to assist us-- and not hinder us in our mission: making stuff.
