The need for security

This week we discuss the need for security. It should go unsaid with the number of reported cyber attacks in the news today. That there is a definite need for security yet I hear nearly every day someone–not always the same person–complaining about: logging into a machine to see a setting, the timer timeout time for automatic logout, no access for a setting, or we need to run a machine outside of normal parameters. Sure, you might have legitimate reasons for needing less security. However, those reasons rarely consider the business reason for needing more security. Its main argument is always a convenience.

There is a business need for using security. It keeps an organization’s intellectual property safe. It keeps employee personal information safe, and it keeps customer information safe. Without security, it becomes very difficult to keep the confidence of the stakeholders, and the business could fail.

Another common thing I hear is, “we don’t have anything important to protect.” You might think so but do you think the CEO or your manager has the same opinion about losing information. You might think it would be easy to reproduce, but what about the lost person-hours spent recreating that lost information. What is the opportunity missed because you didn’t work on something new?



Let’s begin


This website, started off a few weeks ago with an idea about describing a programming methodology for machine control. At work, my colleagues and I are discussing coding standards and machine architecture for our next project. Standards is a subject that has interested me for several years now because there aren’t any established frameworks or best practices as there is in the software industry. Baffled by this, I thought it would be interesting to share some of my thoughts and experiences on the subject and created this website to share those ideas.

Also, a while back I started graduate school, and now am in the last class, and part of the final project includes a series of blog posts related to my area of study, Information Systems Security. So, before I get into the machine control stuff, I will use this site first for that project with the subject of Information Security as it relates to machinery. The need for such security has traditionally been lacking in the industrial space. For years it was never considered to be important as the machines were independent of each other and didn’t communicate to anything. As networking grew, organizations wanted to connect the machines and get real-time information from them, and machine networking quickly expanded. When connecting equipment started security still wasn’t a concern, then suddenly and likely by accident the machines were on the internet, and some smart security aware folks began asking questions. Today, with the IoT and IIoT[1] expending everywhere, nearly everything is connected to the internet, and although we aren’t there yet, not even close, security in the factory is gaining traction. For that reason, factory floor and machine security are where I would like to focus and add my experience and knowledge.

With that, I would like to welcome you to the first entry in a series about IT security in a manufacturing environment. Starting today, and for the next 12 weeks, this site will host my final class assignment and the capstone project for a Masters Degree in Information System Security. I promise I won’t try and be witty, I will try my darndest to avoid topics that are overdone, and if I can’t avoid them, then, I hope to provide a fresh perspective that relates directly to manufacturing and machines.

To provide some background and credibility for this endeavor, a little about me. I learned electronics in the Navy, where I worked on a very large computer that tested the avionics of various aircraft. After the Navy, I have worked in several factories and machine builders as a controls engineer building machines for customers in the automotive, consumer electronics, medical device, and consumer products industries. Today, I program equipment for injection molding of very small plastic parts that are used in medical devices, electronics, consumer devices and just about everything in between. All of this equipment is connected via networking, and now almost all of it is built with security in mind.

The upcoming subjects I will discuss:

  • Introduction (You are reading it now.)
  • The need for security
  • Legal, Ethical, and Professional Issues in Information Security
  • Planning for Security
  • Risk Management
  • Security Technology: Firewalls, VPNs, and Wireless
  • Security Technology: Intrusion Detection and Prevention Systems and Other Security Tools
  • Cryptography
  • Physical Security
  • Implementing Information Security
  • Security and Personnel
  • Information Security Maintenance and eDiscovery

[1] Internet of Things and Industrial Internet of Things