Emerson: Security Starts with Talking

Tuesday, September 28, 2010 @ 11:09 PM gHale

Technology is a wonderful tool to help companies become bigger, better, faster and more profitable. And these days we need technology to be running in tip top shape or the manufacturer will suffer from the consequences.
You can have all the technology in the world, however, and if two departments can’t communicate and get on the same page, then you have a problem.
Take the plant floor and IT. Those two areas have long been at odds over who can do what to whom. But there is an answer and it is communication. That was the message Tuesday during the 2010 Emerson Global Users Exchange session entitled “Is solving world hunger easier than working with IT security?”
Experts from opposite sides of the fence hosted the session, Bob Huba, Emerson’s DeltaV product manager spoke from the engineering perspective and James Robinson, of Emerson’s corporate IT department, spoke from the IT side.
While Huba and Robinson work for Emerson, they both work in their own environment, but speak the language of their specific profession. What they realized when they got together is they spoke completely different languages.
“It took us about a month of talking for us to understand each other’s terms,” Robinson said.
It all comes down to understanding each other’s missions.
“In the IT world, they want confidentiality and they are not worried about availability,” Huba said. “I want high availability and am not worried about confidentiality.”
That is where the communication comes in and learning what each other’s goals are.
“When I worked in IT at Anheuser-Busch, I learned these systems need to be available and not worry about confidentiality,” Robinson said. “IT works faster. In four to five years (in a non manufacturing environment), you will have a new system, but a control system will be around for 15 to 20 years.”
Essentially, for a truly successful relationship between the plant floor and IT, the two have to sit down with each other and talk. “If you find someone in IT, you have to hang on to them,” Huba said. “Find someone you trust.”
During the session Huba and Robinson did some role playing of what an actual scenario would be when IT and plant floor engineers get together to talk about who owns the control system.
They talked about issues the two departments face every day, such as patch management, scanning the system, antivirus/anti spyware software, penetration testing and hardening the system among others. The long and short of it is the two departments have their marching orders and they often end up at odds with each other. That is where communications comes into play.
If both are on top of their games, they will sit down and come to an agreement on what they can do to ensure control system availability and also make sure it is secure. They will work out standards, policies and procedures so there is a plan in place so everyone can follow on the same page.
“We want to create a workable dialogue to develop the process and create a security policy. That provides a more secure system and maintains robustness,” Huba said.
“We just need to get these groups together to communicate,” Robinson said.