Based on 25 years of professional experience in various businesses around the globe, I can say that many industry verticals have a pretty good state of safety culture as it relates to the health and safety of their employees. This is especially true for companies involved in high-risk businesses such as oil and gas, (nuclear) energy, manufacturing, chemicals, food processing, and so on. In such industries, it is pretty clear that there is a risk that something may blow up, hurt, or even kill people.
However, it seems that the next big driver for them is business alone, and they are not as focused on information or IT security when it comes to the logic side of security like bits and bytes, document handling of confidential information, and similar subjects. This is in stark contrast to their keen attention to physical safety and security issues.
It would seem intuitive that any organization with a commitment to safety by counting (and incentivizing) the hours (days, weeks, months, …) of safety-incident-free time should also be easy to convince that taking a similar approach to information security would be a good thing. But it is not that easy. Operations in these businesses are very physical, so it is not really in the mind-set of a rig guy or gal, a welder, a component mixer, machine operator, or similar, that another devastating incident (attack) could happen from “within” the system(s), by a human adversary committed to do harm in the interest of their nation state or paying agent. All those systems in the above mentioned industries that are working at the process level (sensors/actuators, process control, SCADA (supervisory control and data acquisition) are designed for efficient and effective, good performing, and reliable operation, but they were not really designed and built to resist logic attacks from a human smart guy who can outsmart almost every defense.
In industrial networks, spanning the areas of instrumentation, control bus, operations, business, or enterprise, the often cited Purdue reference model that provides for several “levels” or “zones” of abstraction and segregation can be used. A really good introduction can be found in the Secure Data Transfer Guidance for Industrial Control and SCADA Systems.
The main security points to address are:
Tags: encryption, information security, information technology, IT, network segmentation, physical security, security
As 2014 kicks off and gets rolling, the economic supply-and-demand landscape is starting to look much different than recent years. Many manufacturing companies are rethinking strategies, investments and competitive approaches to take advantage of an emerging industrial renaissance globally. Savvy manufacturers are utilizing the Internet of Everything (IoE) to converge and secure real-time visibility between business networks (information technology, IT) and control and automation systems (operational technology, OT) and to reduce costs, improve uptime, increase asset utilization, and lock-down on end-to-end security.
In fact, as part of our overall industry presence, we will be discussing this very topic at an upcoming session at Cisco Live Milan. At the “Connecting Manufacturers for Productivity, Growth and Time to Value with the Internet of Everything” (session # BRKIND-1229), held on Wednesday 29 January at 4:30 pm, we will discuss how IoE solution architecture provisions immediate, secure access to plant performance and production automation systems for management and expert teams worldwide, providing open-standard, IP-based communication and control infrastructure for production operations.
Many of our customers tell us that because Cisco’s solutions for manufacturing have proven, validated architectures, we reduce the risk for operations and control engineers. In addition, we provide them with access to networking knowledge, design guidance and expertise and more, so they can rapidly deploy smart and connected factories. If you are coming to Cisco Live Milan, please join our Cisco Manufacturing Industry and IT/OT Business Group executives and subject matter experts to learn more about best practices for this growing segment. Similarly, for the Oil and Gas industry, we have a session called “IoE in Action: Solutions and Case Studies in Oil and Gas” (BRKIND-1230) which will offer guidance and strategies to companies in this segment.
Cisco Live Milan is a chance for you to learn more about networking issues for industrial environments and figure out how to leverage IoE to meet your goals – whether it’s reducing costs, speeding time to market or improving operational effectiveness.
If you are already registered to attend Cisco Live Milan, you can register to attend this session on your Cisco Live Schedule Builder today. For more general information on Cisco Live, please visit the main event website here. See you in Milan!
Tags: cisco live, Cisco Live Milan, information technology, Internet of Everything, IoE, Manufacturing, operational technology
Cisco IT’s Bring Your Own Device (BYOD) program allows employees to be most productive on whatever device they choose. Whether it’s an iPhone, iPad, Android, Mac or PC they can connect to the Cisco internal network easily, but that’s not what this blog is about, if you’re interested in that initiative click here and here. This blog is about how adding a social layer, specifically Cisco WebEx Social, resulted in an improved user experience and reduced caseload and therefore avoided cost. Personally, I’d like to say the easy onboarding of devices has caused me less wrinkles, but I’ve yet to find a quantitative way to prove that hypothesis true, so let’s stick to the facts:
- In November 2010, Cisco IT had 4,566 cases per 33,354 devices or about 0.14 Cases/Device
- In October 2011, Cisco IT had 3,921 cases per 48,530 devices or about 0.08 Cases/Device
- Cisco IT has had a 52% increase in devices and 16% more users
Read More »
Tags: aaron chiles, Android, blog, byod, case, caseload, cisco on cisco, Cisco WebEx Social, coc-collaboration, collaboration, community, Help, information technology, iPad, iphone, IT, mac, mobility, onboarding, PC, support, WebEx Social, wxs
Rebecca Jacoby, Cisco Senior Vice President and Chief Information Officer, highlights Cisco’s transformation in the areas of communication and collaboration. Pervasive video has made communication and knowledge sharing extremely efficient and effective at Cisco. Both virtual events and the Integrated Workforce Experience (IWE) internal collaboration platform have been especially influential in enabling greater, more effective communication. Read More »
Tags: aaron chiles, CIO, Cisco, Cisco IT, cisco on cisco, coc-collaboration, collaboration, communication, information technology, iwe, Knowledge Sharing, pervasive video, Rebecca Jacoby, video, virtual events
By Howard Baldwin, Contributing Columnist
Where is broadband deployment most widespread and thus most successful? Countless surveys, including some that we’ve referred to on the Connected Life Exchange, show Asia as the undisputed leader — especially South Korea.
But INSEAD (formerly known as the Institut Européen d’Administration des Affaires) tweaked its methodology for tracking network readiness in its Global Information Technology Report (GTIR) between 2011 and this year, the rankings of its Networked Readiness Index (NRI) came out slightly different, and Asia’s presence faded.
Read More »
Tags: economic development, information technology, INSEAD, Networked Readiness Index