GAM2015.4: Security

Security is always a requested topic for the General Assembly Meeting. This year we had two excellent security sessions:

Network Security and PROFINET – Marty Jansons, Siemens

Marty reminded us that security is not just about the technology used to secure a network; it’s also about people, processes, and procedures.  After a look at defense in depth and other network security techniques, Marty’s session turned into a huge discussion.  This turned out to be very beneficial as we faced some of the real world challenges in implementing security.  Challenges like “I have 12,000 computers in 70 plants that need updated.  There’s no budget foe that.”  There was no solution given to this challenge.  My opinion is that the money will appear after a manufacturing plant is hacked with disastrous consequences.

If you do just one thing for Security – Dan Schaffer, Phoenix Contact

Dan’s one thing for security was “Know. Your. Network.”  Because you can’t defend what you don’t know and you can’t recognize anomalies if you don’t know normal.  Dan provided a mnemonic device for the steps to accomplish knowing your network: Smurfs Dance Under Blue Moons.

click to enlarge

click to enlarge

I’m a big fan of mnemonic devices so I remember this part.  He then offered suggestions on how to accomplish knowing your network.  He summarized each section with a haiku.  I can truthfully say that I remember the mnemonic.

–Carl Henning