Editor and Founder Gregory Hale has over 30 years in the publishing industry covering manufacturing automation for 10 years as the Chief Editor of InTech magazine. Prior to starting atInTech in 1999, Hale was the Editor in Chief at Post-Newsweek’s Reseller Management magazine. In addition, he is the co-author of the book, “Automation Made Easy” “Everything You Wanted to Know About Automation – and Need to Ask”.
An oil platform stood silently awash in the Gulf of Mexico waves a short time ago and unbeknownst to workers on the rig and those offshore, malware was on board turning that facility into a potential floating time bomb.
Malware, downloaded via satellite and through USB drives, incapacitated computer networks and left the rig lifeless, unable to perform any duties for a period of time.
While the rig eventually came back on stream after workers furiously fixed the locked up system, it turned out a worm was flooding their network out in the middle of the ocean. Had this incident been a targeted attack, the rig could have sustained major problems.
With enough knowledge of a facility like an oil platform, refinery, or pipeline network, a cyber attack that used distributed malware could lead to physical damage and serious losses of revenue.
There is no explaining how many millions of dollars that unplanned downtime cost the oil company. In today’s tight economy, companies, big or small, cannot afford to lose that kind of money to any kind of safety or security incident. Uptime remains critical.
Uptime Remains Critical
The cost of unplanned downtime is just one case to show management there is a solid business proposition behind employing solid safety and security programs. The idea pushing forth in the industry today is safety and security are not just insurance policies to protect against an incident or bad guys, but rather a business enabler that keeps the network and system up and running, productive and profitable.
“The insurance justification doesn’t always work,” said Farshad Hendi, industrial automation safety industry manager at Schneider Electric. “People will say I worked at this plant for the past 15 years and we have never had an incident. It is true you didn’t have an incident in 15 years, but that does not mean you will not have an incident tomorrow. Uptime and operational stability is something that resonates with people very quickly. If your plant is down for one week you can quickly determine the cost and you can quickly determine how much investment I need to put in and how much gain I will get.”
Indeed, when talking about safety or security users need to consider metrics such as improving the efficiency of operations, reduction in time to detect incidents and return on prevention.
But “wait a minute,” a senior manager could say, “we have never been hit before, so why should I pay for something that doesn’t generate revenue?” The simple answer is, safety and security can pay off big dividends.
“It is an interesting conversation to have,” said Joshua Carlson, industrial automation manager for cyber security in North America at Schneider Electric. “The challenge is getting users to understand we are not just looking at the risk model and figuring out the probability. With cyber security, it is not a matter of if, but a matter of when. The challenge becomes at some point when are you going to have an incident and how much is it going to cost you?” more