This website, http://plcbestpractices.com started off a few weeks ago with an idea about describing a programming methodology for machine control. At work, my colleagues and I are discussing coding standards and machine architecture for our next project. Standards is a subject that has interested me for several years now because there aren’t any established frameworks or best practices as there is in the software industry. Baffled by this, I thought it would be interesting to share some of my thoughts and experiences on the subject and created this website to share those ideas.
Also, a while back I started graduate school, and now am in the last class, and part of the final project includes a series of blog posts related to my area of study, Information Systems Security. So, before I get into the machine control stuff, I will use this site first for that project with the subject of Information Security as it relates to machinery. The need for such security has traditionally been lacking in the industrial space. For years it was never considered to be important as the machines were independent of each other and didn’t communicate to anything. As networking grew, organizations wanted to connect the machines and get real-time information from them, and machine networking quickly expanded. When connecting equipment started security still wasn’t a concern, then suddenly and likely by accident the machines were on the internet, and some smart security aware folks began asking questions. Today, with the IoT and IIoT expending everywhere, nearly everything is connected to the internet, and although we aren’t there yet, not even close, security in the factory is gaining traction. For that reason, factory floor and machine security are where I would like to focus and add my experience and knowledge.
With that, I would like to welcome you to the first entry in a series about IT security in a manufacturing environment. Starting today, and for the next 12 weeks, this site will host my final class assignment and the capstone project for a Masters Degree in Information System Security. I promise I won’t try and be witty, I will try my darndest to avoid topics that are overdone, and if I can’t avoid them, then, I hope to provide a fresh perspective that relates directly to manufacturing and machines.
To provide some background and credibility for this endeavor, a little about me. I learned electronics in the Navy, where I worked on a very large computer that tested the avionics of various aircraft. After the Navy, I have worked in several factories and machine builders as a controls engineer building machines for customers in the automotive, consumer electronics, medical device, and consumer products industries. Today, I program equipment for injection molding of very small plastic parts that are used in medical devices, electronics, consumer devices and just about everything in between. All of this equipment is connected via networking, and now almost all of it is built with security in mind.
The upcoming subjects I will discuss:
- Introduction (You are reading it now.)
- The need for security
- Legal, Ethical, and Professional Issues in Information Security
- Planning for Security
- Risk Management
- Security Technology: Firewalls, VPNs, and Wireless
- Security Technology: Intrusion Detection and Prevention Systems and Other Security Tools
- Physical Security
- Implementing Information Security
- Security and Personnel
- Information Security Maintenance and eDiscovery
 Internet of Things and Industrial Internet of Things