This week: Planning for Security

If you are in the industrial space, and if you are reading this I assume that you are or are planning to be, then security should be on your mind. Most controls engineers don’t think about security. I hear a few reasons: “they don’t have time,” and also “it is IT’s responsibility, so I don’t need to deal with it.” To be blunt, that is wrong thinking and maybe a little lazy.

In the IT space, security is tightly integrated with the CIA triad: Confidentiality, Integrity, and Availability. The IT department cares about the triad in CIA order. Controls engineers should care about the same things in a different order: Availability, Integrity, then Confidentiality. The data we create, store, and analyze isn’t typically confidential information. The individual data bits alone aren’t as important and don’t provide meaningful metadata until they are grouped with the other data, and then confidentiality comes into play. But we need the data to be accurate and of high integrity. And we need high availability; the production of the data rarely stops, and without availability, the data has no place to go, and then it’s lost forever in the ether.

What this means is: you have to plan. There should be a plan for data loss, data breaches, and corruption, just like the IT department has in place for the business system. If this seems like it might be overwhelming, or overkill, think about how many problems it would cause if the data you create were lost today and weren’t recoverable. Could your business continue? Can your equipment still produce a quality product? If so, maybe you need not worry about it. Better, though, to ask a senior manager what they think would happen if the data you generate were lost. If your organization is anything like mine, it is very important data! Product traceability, lot or batch tracking, and quality control are just three reasons the data is more important than merely production quota data.

So if you haven’t, please request a meeting with the IT department. They will be able to help with creating the appropriate policies, procedures, standards, guidelines, and plans. When they realize the importance of that data, they might even integrate it into their existing plans, making your life easier.

You will then help the IT department better serve your department, and they will begin to understand your POV of needing to get the job done. Perhaps you can learn how they handle security, and all those annoyances, to get their jobs done, and assimilate those IT practices into yours for a more secure organization.

Peace

Jeff
