I have worked for an equipment OEM for more than 20 years, and I have become a staunch proponent of networking the manufacturing environment such that we realize maximum efficiency from the same. That is not to say that I am unaware of the security implications of doing so. Rather, I believe the gains far outweigh the risks when such networking is done properly and securely. I especially like the model where the individual control systems collect and forward data to a “disinterested”, i.e. uninvolved central server for storage. The data storage usually includes some form of a relational database allowing that nonmanufacturing system to sort, parse, analyze, present, and finalize for release.
Very few manufacturing processes can exist in isolation, and even fewer can do so efficiently. Intelligent decisions rely on underlying data, presented in ways so that ambiguities are absent, while in a form that fosters intelligent decisions. However, in order to have data available we must routinely and consistently collect, validate, process, and store it. We can’t afford the burden of performing these tasks manually. We must rely on computer systems to do that work.
Therefore, we must network systems—industrial control systems, too —in order to bring the data collection notion from an idea to reality. My experience as an OEM is that those in manufacturing do not want the information technology folks muddling around in their systems; nor do the techies want the manufacturing equipment networked on their hardware and infrastructures. Subsequently, each group walls off its perceived territory, ultimately creating an environment where both sides often forget they’re on the same team.
If we want to remain competitive, we need to build a door in that wall. I have heard many arguments supporting the “you cannot do it safeli guesy” mantra, and I have read more than one argument that legislation is required in order to ensure that these critical systems are safe. Since building and maintaining safety in computer systems is difficult, many simply use those sorts as arguments to avoid ever trying. Then, the machines and systems remain data islands and they rarely, if ever, serve to their fullest potential.
There are solutions dedicated to solving the problem of protecting critical systems while allowing a data stream to flow outwardly from them. One fine example is the DataDiode from Fox IT. This is a simple, yet elegant solution. Data is produced, it cannot be consumed, and therefore the threat model is reduced to only an internal one. (An internal threat model always exists, whether or not systems are connected.)
That aside, what I am asking for is the factory floor and information technology to get on the same side of the wall and work together. Simply buttoning up your area and hunkering down behind the wall isn’t the answer. I’m asking for us to share resources, knowledge, and solutions. When we work together, we will all learn, create more effective solutions, and share in the benefits of the same.
About The Author
Jack serves as the Chief Electrical Engineer for Filamatic. He loves new technologies and routinely engages in automation projects of varying sizes and complexities.
He can be reached at: Jack.Chopper@filamatic.com or you can find him on Twitter: @JackChopper
The following article can be seen at: http://www.pharmaceuticalonline.com/Doc/information-and-automation-let-s-work-together-0001