Drew Baryenbruch

Forward

This month’s topic is faults. Since no one from engineering volunteered to write a piece, I am forced to write the business and technical piece, so faults as a theme it will be. On the business side I will address over coming personal faults and then we will jump into the topic of faults in the way we view network security. 

Embrace Your Faults

John’s article about failure in the March issue got me thinking. They say the benefit of making it to the top is that you can laugh about all the mistakes you made along the way. The problem for us younger people is that we are still at the bottom of the metaphoric success hill looking up, and each of our follies seems far more devastating than laughable. We all believe perfection is the only path to success. While I won’t pretend to be over those thoughts completely, the faster we get past the idea of perfection, the better we can deliver and the faster we can grow.

What’s Your Biggest Shortcoming?

Own up, admit it, embrace it. It’s not like you can really hide it from the world. For those that correspond with me regularly by email my shortcoming is probably apparent. I am a terrible writer. It’s not that I can’t create thoughts, or don’t know how to write.  I’m an avid reader and actually enjoy writing. The issue is something in my wiring is off, always has been. The flow from brain to the keyboard or paper is not a clear tunnel. I will omit words, use the improper version of a word, randomly add short words like if, the, a, etc. and the strangest behavior swap 2 and 3 letter words for other 2 and 3 letter words.

It’s embarrassing. I know I come off less intelligent or mildly intoxicated. The latter of which is almost never true during working hours... I judge others the same way, but I have not found a way to consistently cover my fault.

The first step is admitting you have a fault. Figure out what you suck at and don’t let hubris lead you to thinking your dairy-aire don’t stink.

Dealing with Your Faults

There are always systems, processes and structures you can put in place to remedy or cover up your faults. For me, in structured settings like a newsletter, I get the benefit of a few days to forget my minds intent before I self proof and I also have Jessica’s eyes to catch my mistakes. That makes covering my shortcomings easy. 

I don’t think there is a personal fault, outside of stubborn ignorance, that can’t be covered up and corrected with a good system. Find a few that work for you.

There May Not Be a Perfect Fix

There will be times and places where regardless of your best attempts, your faults shine though. For me it’s a near daily occurrence.

I send out 50 to 75 emails on a normal day. Even with my best intents I do not have the luxury of holding them in my draft box for a day or having Jessica review them all. My systems and processes are not efficient enough. As a result I regularly show my fault.

This used to kill me. There was a time when I would apologize profusely or go back at night and try to retract emails I reread and found contained errors. I learned it’s not worth it.  

In spite of looking less polished or less intelligent than I would like, the world has not ended. I am sure I scared a customer or 2 away, but that’s life. We continue to grow, we continue to make new friends and fans. By and large people still get the information I am sending and that’s something.

Make up for Your Faults

“If the women don’t find you handsome, they should at least find you handy,” said a wise man named Red. Nobody is perfect. I’m not even close, but for as many faults as you or I have, I promise we have as many strengths we can fall back on. The next time you are busy moping about how much you messed up. Pick yourself up by the seat of your pants and use one of your strengths to try to right the situation. I make a lot of follow up calls. There are few mistakes that can’t be fixed or forgotten and fewer races and battles that will never be rerun. Go forth, make big mistakes, accept them, better yourself and move on. The Top of the mountain is waiting.

Drew Baryenbruch

I feel like network security is the dieting of the automation industry. Everyone talks about how bad they need it, but few, if any, are really implementing it and few understand it. If we want security to be something more than a buzz word, we need to understand it.  My goal is to give you the elevator ride synopsis of Security as a whole and give you a better understanding of buzz words being thrown around.

What Many People Forget about Security

So many of us think of security as protecting our important data. Making sure your online banking password is encrypted is an example that everyone internalizes. With that mindset, many people look at the factory floor and say, I don’t care if people know how much power I’m using or what barcode I just scanned, none of this data is important and no one could use it anyway. For a huge amount of data generated in automation those thoughts are 100% correct, but that is missing the point of security. 

The most important roll of security is not to protect data on a factory floor, but to ensure that the network stays up and running. That means securing the network from outside malicious attacks, and more importantly, it means securing the network from the attacks that come from less malicious sources.

You know, control engineer Ron who loves to stream Pandora over the control network eating up a huge portion of bandwidth, Gwen in production who couldn’t help downloading a .pdf from an email so she could claim $10k from a prince, or even from Ned who had the best intentions when he reassigned IP addresses across the entire line to be sequential. Security is as much about protecting our networks from ourselves as it is about protecting it from the scary hackers.  

In General How Much Do Average people Care about Security?

The most recent Microsoft study found that 25% of PC’s featured no or outdated security software, and an industry study from last year found that 46% of smart phones were unsecured. This study counted having a screen lock enabled as security.

If nothing else, this should highlight how little your coworkers collectively view security. As the industry continues to push towards mobile access and control, these statistics become more frightening.

Buzz Word Stuxnet;

How did it bring security to the forefront of conversation:

Stuxnet has been paraded as the poster child for why security in automation applications is so important, but it was far from an encompassing threat to all users as you may expect. While the virus did expose weaknesses in Windows and the S7’s, the actual attack was extremely focused.

The attackers had to gain access to the facility to install a program from a flash drive onto a Microsoft PC. The PC had to have Siemens SCADA software. The SCADA software had to be connected to a Siemens PLC, and that PLC had to be connected to drives from either Vacon or Fararo Paya.  The virus made those drives spin centrifuges just past their point of safe operation while having the SCADA HMI report safe operation. This caused centrifuges to fail prematurely.

While other mischief could be caused and other information gained with the remote access to the PLC control that was also established, the virus discovered was specifically designed for this very niche application, and the hackers went out of their way to make sure the virus didn’t do other harm to “innocent” systems. It is a totally inert bug unless in this very specific environment.

While having Windows and an S7 PLC hacked is not a warm fuzzy feeling, I feel most of us are safe from such attacks. Unless you are enriching uranium or doing something else interesting or threating enough to garner the attention of a multinational, highly focused, hacker attack you are probably safe from this type of attack as well.

Stuxnet is an example of an attack on an automation architecture the industry had been missing, but this wasn’t a random or wide spread attack. 

Who Needs Network Security?

A security expert will tell you everyone, and to some level I totally agree. While serial devices still dominate the factory floor, you are hard pressed to find lines that do not have any networking enabled. The idea that a closed network is secure is going away.

Windows XP is still the market share leader in industrial automation PC OS’s. All those systems on open networks now lack support for all subsequent security fixes.

Does Moving to a New Ethernet Network Protocol Increase Your Risk?

Absolutely! The higher end protocols add more meta data making the actual data far more usable to someone sniffing around. Again, the far more pressing issue is introducing proper EtherNet Network management. As Controls Engineers our background is by-and-large serial. Learning to effectively architecture an Ethernet network for control and security can be a real challenge at first.

Plus none of the leading control protocols have implemented any security features.

What is Your Risk Tolerance?

The most important question is what is your risk tolerance? If you are like me and don’t work in nuclear power, you have a much greater tolerance. Implement procedures and systems to meet your need. Understand your risk so fear and hype don’t drive your design.

Note: The idea behind this bimonthly insert is to get Generation Y ready to take reins of the Automation industry. Scott and I both fall in the 20 something range. If there are particular topics you would like addressed drop us an email.

Drew@ rtaautomation.com