The world of automation has changed significantly over the past 30 years. I have fond memories of starting my career by calibrating, adjusting, and tuning pneumatic control loops while working my way through the electronic age right up to the present digital and cyber generation of automation. If you are like me, it is easy to get lost in all the technical changes that have made our jobs so rewarding and challenging. I want to highlight these changes by sharing my thoughts related to “Cyber Security.”
At the beginning of my career, the biggest concern was having clean dry air supplied at 20 psig and a 3 to 15 psi control signal. This may be a bit simplified, but there is no doubt that control systems were less complicated 30 years ago (or maybe I was just naive!). As technology evolved we soon found 24V dc power, electronic controllers and 4-20 ma signals quickly replacing pneumatics. Next came the age of microprocessors, digital processing, PLC, and DCS automation systems. This class of instrumentation required a new knowledge base, typically beyond the comfort zone of automation engineers who began their career with pneumatics. A new skill set was required for engineers like myself, that included a new tool kit consisting of engineering work stations and configuration software coupled with IT and PC related skills.
Along with PLC and DCS platforms the concept of “open systems” was introduced by automation vendors. As if we did not have enough on our plate to begin with, we continued to expand our IT base to include skills such as networking and data sharing. At this point, a lead automation engineer’s time is consumed managing the technology, while ensuring the automation system remains fully integrated and the project remains on schedule.
Why this walk down memory lane? If you are like me, we can get caught up in all the day to day activities of project meetings (budget, scheduling, resource, etc.), endless emails, etc., and can lose sight of our primary goal – to develop, design, and start up a solid and reliable control system. As the projects demand us to drive hard to get to the finish line, we must not overlook new technology and risks that may be imposed.
My wakeup call was Cyber Security. As a lead automation engineer, there was a long period of time when I thought “Cyber” only referred to Internet gremlins, malware, and other nuisance software that would render only the HMI useless. I also assumed that if there was no Internet connection, all these problems go away. As the years progress, I have come to realize there is much more to Cyber Security than the Internet invasion. Lead automation engineers who are responsible for the safe and reliable design of automation systems need to realize that Cyber Security starts with a risk analysis and includes solid design principles related to intranet (corporate networks) communications, control system networks (Ethernet, Modbus, etc.) securing open ports, router and firewall design and configurations, creation of secure communication zones for both internal and external data sharing.
Lead Automation Engineers responsible for safe and reliable design need to remember that many of the “Cyber” threats and risks that will be encountered in today’s automation systems may have nothing to do with the Internet, but will originate within the boundaries of the automation system and corporate networks.
Since joining exida I’ve come to realize how important a well-designed, thought out, and secure automation system is for ensuring a safe and reliable process. I can see why Cyber Security is so important and should be viewed as part of the overall safety lifecycle for any plant automation system.