Office/Plant Security Clash

Here’s ARC’s breakdown of the differences between plant and IT when it comes to technology.

Priorities
Office: Confidentiality, data integrity and availability.
Plant: Availability, data integrity and confidentiality.

Downtime
Office: System downtime can come when the office workers are gone at night.
Plant: Often plants run continuously, so downtime translates into lost productivity.

Lifecycle
Office: Lifecycle of technology is typically three years.
Plant: Lifecycle is usually 10 to 20 years.

Systems
Office: Many nearly identical systems—off-the-shelf personal computers and servers, plus standard network components.
Plant: Unique systems, as well as rugged industrial personal computers (PCs) that use Microsoft operating systems that are exposed to Windows threats.

Customization
Office: Never customize the operating system.
Plant: Use operating systems with extensions and unique drivers, which makes updates complex.

Upgrades
Office: Maintain systems in mass.
Plant: Have not been kept current—may be running Microsoft MS-DOS or Windows 3.1, 95 and/or NT, so security fixes may not be feasible.

Applications
Office: Run common office applications.
Plant: Run a large variety of applications that are closely coupled with the operating systems and expensive to upgrade.

Outside the box
Office: Applications seldom need to stretch the rules.
Plant: Applications tend to rely on scripting, proprietary application programming interfaces (APIs) and behaviors to achieve performance, determinism and operations functionalities.

Security approach
Office: Use standard operating systems security almost exclusively.
Plant: Applications provide security extensions for production needs.

To view the accompanying article to this story,"Corporate IT Helps Plants with Security", go to www.automationworld.com/feature-4257