Simple Solutions That Work! Issue 16

37 FLEXIBLE MANUFACTURING & ENGINEERING TRENDS The following tables illustrates how nine key points can differ: Now that the key differences between IT and OT have been identified, the foundry manager must: • Identify who is responsible – In most foundries cybersecurity is the responsibility of the IT manager, however his/her role often ends at the start of production. The health and safety manager is normally responsible for physical security. This leaves a void as to who is responsible for OT security. Someone within the foundry must formally take on responsibility for OT security. • Educate employees on cybersecurity – Each employee with access to IT and OT must understand cybersecurity risks. The simple installation of a non- critical device such as a Wi-Fi printer can open a weakness. An even greater threat can be the use of personal smart phones and USB devices to conduct company business. The uncontrolled access to servers can also result in many gigabits of garbage being stored. Training must also be tuned to each employee’s ability. The molders understanding of cybersecurity might not be the same as your PLC programmer. • Develop a culture of vigilance – The greatest weakness to OT security is from within the foundry itself. When developing an OT security plan, the greatest risk is from employees, contractors, and other people who can access systems from within. If guests are allowed access to Wi-Fi, there should be a guest network that can be closely monitored. To help foster heightened OT security, equipment manufacturers that want to help foundries implement Industry 4.0/IIoT should provide hardware, PLC programing, HMI programing, software, and networking that provides segmentation and segregation between foundry systems and non-authorized users. Unfortunately, the more systems connect, the more exposed and vulnerable the underlying sensitive manufacturing layers become. Unless specifically isolated, as network-connected devices, a compromised IIoT device can provide access to the rest of the OT segment it is on. Multiply that times thousands of individual devices, and you can see where the potential security issues proliferate. Therefore, the security of IIoT devices on the OT network is just as important as all the other network-connected components running the machinery. Equipment manufacturers need to change how we secure networks in an Industry 4.0/IIoT age. As pointed out IT and OT sometimes conflict so how do we connect the lower OT operations directly to the IT operations while maintaining cybersecurity? What role does the cloud play in all this? How can we reconcile the ability of IIoT devices to send data directly to the cloud with the need to properly secure them against the growing potential for compromise? Contact: JOHN HALL jhall@cmhmfg.com