By the time this column goes to press, perhaps more “essential” workers will have returned to the workplace and resumed normal duties. But chances are, unless your enterprise has a huge contract for hand sanitizer or facemasks, your funding for even modest investments may be limited or on hold. Meanwhile, there's no shortage of opportunities to “detail” your plant.
No list of oft-neglected or procrastinated activities would be complete without mention of cybersecurity. In many environments, updates are a somewhat risky, cumbersome and unwelcome disruption to operations: workstations can be offline and unusable for an hour, or more if things don’t go well. Are you committed to invoking a virus scan on some interval? Getting access to keyboards and mice while “social distancing” poses some challenges as well, though maybe you're configured and licensed for “remote desktop” sessions, or your operator interface is virtualized anyhow. Remember that even virtualized machines need updates. We should avail ourselves of any chance to prove our upgrade/update procedures on offline systems, or when there’s minimal risk to operations.
While you’re tending to all those Windows patches and virus signature updates, don’t neglect other chances to harden your system and shrink holes in the “Swiss cheese slices” of your layers-of-protection. I learned the other day, working through a long list of security alerts and recommendations, that patching a vulnerability to “Heartbleed” and “Spectre” exploits involved a BIOS update to our Windows servers and workstations. When I looked it up, I found we were still on an old BIOS, and the update (from 2018) was marked “urgent” on the vendor’s website. The BIOS update alone doesn’t close the hole, so check with your systems’ vendor and hardware supplier to ensure you’re up to date.
Physical security can often be enhanced without a huge capital outlay. For example, can physical cabinets or rack areas be locked (or locks added to them)? Can unused USB ports be physically blocked, or disabled through “Group Policy” settings? Are DVD drives still active or accessible? Ethernet switches can be unwelcome portals to your system, and might be an inexpensive upgrade, both for speed and security. It's not uncommon for Ethernet switches to have firmware updates that address both security and reliability.
Tending the field
While it seems like every cybersecurity rock we turn over has another bug underneath it to squish, spend some time in the field as well. When a field device needs maintenance, are its interactions all documented? Measurements get repurposed or utilized in advanced controls or neural networks, perhaps. Some get used for pressure and temperature compensation of flows. The systems engineer can likely see this from the engineering interface, but it’s not always obvious to the operator or maintenance tech—until the device is pulled for maintenance. Consider how to make these interactions visible and seek out those that have crept into the configuration.
What about the physical security of devices and their wiring? Can they be easily accessed and changed? Even though maintenance workers may be dismayed, it’s good to recognize that enclosures only achieve their rating (e.g., NEMA 4X, explosion proof, etc.) if all their fasteners are engaged/torqued. Interconnecting conduit or cables should likewise be fitted with seals, drains and drip legs in a manner that conforms to the code requirements for the enclosure contents. Good physical security somewhat shrinks the Swiss cheese holes through which unauthorized changes to field devices can pass.
It can be worth checking if field device configurations are in sync with the system. Are you taking a square root twice, or not at all? Is it still a Type J thermocouple or a four-wire RTD? Does the configured 4-20 mA range match the system? Where you find discrepancies, see if their source can be identified and consider procedural or training changes that aim to eliminate it.
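One way to run the comparison described above, as an added example that is not part of the original column. The record layout, tag names and values are constructed assumptions; `flow` marks a differential-pressure flow loop that needs exactly one square-root extraction.

```python
# Added example with constructed data: audit field-device settings against the
# host system's configuration. Record layout and tag names are assumptions.
DEVICE = {  # as read from the transmitters (constructed sample)
    "FT-101": {"sensor": "DP", "range": (0.0, 250.0), "units": "inH2O", "sqrt": True},
    "FT-102": {"sensor": "DP", "range": (0.0, 100.0), "units": "inH2O", "sqrt": False},
    "TT-201": {"sensor": "TC-J", "range": (0.0, 400.0), "units": "degC", "sqrt": False},
    "PT-301": {"sensor": "P", "range": (0.0, 100.0), "units": "psig", "sqrt": False},
    "LT-401": {"sensor": "DP", "range": (0.0, 120.0), "units": "inH2O", "sqrt": False},
}
SYSTEM = {  # as configured in the control system (constructed sample)
    "FT-101": {"sensor": "DP", "range": (0.0, 250.0), "units": "inH2O", "sqrt": True, "flow": True},
    "FT-102": {"sensor": "DP", "range": (0.0, 100.0), "units": "inH2O", "sqrt": False, "flow": True},
    "TT-201": {"sensor": "RTD-4W", "range": (0.0, 400.0), "units": "degC", "sqrt": False},
    "TT-202": {"sensor": "RTD-4W", "range": (0.0, 200.0), "units": "degC", "sqrt": False},
    "PT-301": {"sensor": "P", "range": (0.0, 150.0), "units": "psig", "sqrt": False},
    "LT-401": {"sensor": "DP", "range": (0.0, 120.0), "units": "inH2O", "sqrt": False},
}

def audit(device, system, tol=1e-6):
    """Return (tag, finding) pairs for every device/system discrepancy."""
    findings = []
    for tag in sorted(set(device) | set(system)):
        d, s = device.get(tag), system.get(tag)
        if d is None or s is None:  # tag known to only one side
            side = "device data" if d is None else "system"
            findings.append((tag, f"missing in {side}"))
            continue
        if d["sensor"] != s["sensor"]:
            findings.append((tag, f"sensor type: device {d['sensor']}, system {s['sensor']}"))
        range_differs = any(abs(a - b) > tol for a, b in zip(d["range"], s["range"]))
        if range_differs or d["units"] != s["units"]:
            findings.append((tag, f"4-20 mA range: device {d['range']} {d['units']}, "
                                  f"system {s['range']} {s['units']}"))
        # A DP flow loop needs the square root taken exactly once, in the
        # transmitter or in the system; any other loop needs it nowhere.
        applied = int(d["sqrt"]) + int(s["sqrt"])
        expected = 1 if s.get("flow") else 0
        if applied != expected:
            findings.append((tag, f"square root applied {applied}x, expected {expected}x"))
    return findings

if __name__ == "__main__":
    for tag, finding in audit(DEVICE, SYSTEM):
        print(f"{tag}: {finding}")
```

Each finding is a starting point for tracing the source of the discrepancy, not a verdict on which side is correct.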
Oh, there’s more. Stay tuned to ponder more opportunities to give your system some polish in places you might have missed.