Should securing your network follow the model of securing your plant? Most factory security guards that I’ve encountered don’t work for the company that owns the factory; they’re contracted. Should you contract securing your network? You probably contract at least some of your automation engineering to a System Integrator. Is this any different?
This line of thought was sparked by a presentation at Electro-Matic’s Tech Tipoff last week. Electro-Matic is a long-time distributor member of PI North America. They invited me there to present a session on PROFINET, of course, but I had time to sit in on some of the other presentations. One of them, by Siemens’ Marty Jansons, introduced a new service that provides security assessments with the follow-on possibility of contracting network security. The assessment process reminded me that network security is not just about the technology. It’s also about physical security, security processes, and training the people. I’m convinced that the most common attack vector is the post-it note – the one the operator stuck on his monitor with his username and password on it.
What is your conclusion? Would you contract out network security?
If you have to go the DIY route, don’t panic; help is available. There are many places to get help, including the brief security session at our PROFINET one-day training classes. In those classes we present this list of additional resources:
- Automation World/Belden webinar
- Control Engineering: Were you just hacked?
- www.isssource.com
- www.SCADAhacker.com
- Eric Byres’ blog
- “Protecting ICSs from Electronic Threats”
- us-cert.gov/control_systems
- McAfee
- PROFINET Security Guideline
The PROFINET Security Guideline was recently updated and now includes the latest thoughts on protecting your network with technology.
–Carl Henning