Are the Manufacturing Systems on Your Plant Floor Secure?
Are the Manufacturing Systems on Your Plant Floor Secure?
How can you secure manufacturing systems on the plant floor?
We work with a lot of manufacturing organizations that use systems like CNCs, robotics, etc. And one of the trends that we’re seeing, and have been seeing for a number of years now, is that more and more equipment on the plant floor is connected to the network.
It may be a little sensor of some kind, or a machine that has some computer on it, or some kind of automation system. And what we’re seeing is that it’s becoming a bit of a security risk for our clients.
Some of these devices are may not be kept up to date. There is some older equipment out there running older versions of operating systems that are no longer supported. And it’s really becoming a situation that the manufacturing companies need to address.
The Challenges of Secure Manufacturing Systems
How do you secure your network and, at the same time, leverage these tools and equipment that are available to us? There are a lot of different components to this. And it’s becoming a bigger deal as every device that’s added seems to have another kind of sensor.
It could be a CNC, or a robot, or something with a bunch of little sensors that are gathering data. And we’re also seeing more and more data being collected as the sensor technology becomes more cost-effective.
There are more and more things that they’re collecting and analyzing in the background. And that data is great because it provides visibility into efficiencies and visibility into the manufacturing process. But at the same time, it’s also introducing some risks to the organization.
Minimizing Risk in Your Network
Think about the best way to minimize risk in your manufacturing network. You have all kinds of different devices with varying degrees of security. One of the best ways to minimize risk is to take the exceptionally vulnerable devices and isolate them.
Certainly, you want to be isolating the plant floor equipment from the operational network, if you will, from the main production servers and things like that. And then there may be a piece of equipment with an old XP box on it; you may want to take it offline entirely or restrict the amount of online access that it has.
Maybe you’re giving the vendor remote access to get in and provide support, but you’re not allowing the device to talk to the internet in general.
It’s really all about segregation and what these devices need access to. Can we limit them from talking to each other? That way, if one of the devices is compromised, it doesn’t impact the overall network.
When we ask business leaders what they want from technology, one of the things they always mentioned is security. They want peace of mind. And they want to know that their systems are secure and they can sleep at night knowing that if some kind of worst-case scenario were to happen, they have a plan in place and they have the ability to get back up and running.
They also want to minimize risk. When we look at manufacturing in particular, there are some rather distinct challenges that manufacturing companies face that aren’t necessarily relevant to every other organization.
There’s a lot more equipment and a lot of older things that maybe you don’t have the ability to upgrade. There may be some older or unsupported operating systems. How do you secure that?
The CopperTree Method for Secure Manufacturing Systems
We have quite a bit of experience with this at CopperTree. We work with a large number of manufacturers in this area. And some of the things that we do is just working on the network segmentation and ultimately looking at a strategy for your particular organization.
Part of our service is developing best practices for each of the technologies that our clients use. And every month we go through and we see how you stack up against those best practices. Are there ways that we could minimize risk in your organization?
If you’re thinking about putting a plan in place, it really starts with that big picture strategy. Where’s your organization going? Where are you today? And how do you get to that future state?
Incremental Changes for Serious Progress
From there, we make small but constant incremental changes to the health of your system. If we can come in and tweak something in the background to minimize risk every month, and we make a few changes every month after a period of time, you’ve gone a long way and you’ve put in made some serious progress in that direction.
When you’re leveraging an organization like CopperTree, you want to make sure that they understand the strategic side of things. You want to make sure they understand the unique challenges that an organization in manufacturing has. And you want to make sure that they understand exactly what your goals are and what you’re trying to achieve.