CT2005-OTB-Hero

More chores for essential workers

May 11, 2020
Rezabek adds to the list of housekeeping priorities for the COVID-19 constrained

By the time this column goes to press, perhaps more “essential” workers will have returned to the workplace and resumed normal duties. But chances are, unless your enterprise has a huge contract for hand sanitizer or facemasks, your funding for even modest investments may be limited or on hold. Meanwhile, there's no shortage of opportunities to “detail” your plant.

No list of oft-neglected or procrastinated activities would be complete without mention of cybersecurity. In many environments, updates are a somewhat risky and cumbersome/unwelcome disruption to operations, whose workstations can be offline and unusable for an hour—more if things don’t go well. Are you committed to invoking a virus scan on some interval? Getting access to keyboards and mice while “social distancing” poses some challenges as well—maybe you're configured and licensed for “remote desktop” sessions, or your operator interface is virtualized anyhow. Remember that even virtualized machine boxes need updates. We should avail ourselves of any chance to prove our upgrade/update procedures on offline systems, or when there’s minimal risk to operations.

While you’re tending to all those Windows patches and virus signature updates, don’t neglect other chances to harden your system and shrink holes in the “Swiss cheese slices” of your layers-of-protection. I learned the other day, working through a long list of security alerts and recommendations, that patching a vulnerability to “Heartbleed” and “Spectre” exploits involved a BIOS update to our Windows servers and workstations. When I looked it up, I found we were still on an old BIOS, and the update (from 2018) was marked “urgent” on the vendor’s website. The BIOS update alone doesn’t close the hole, so check with your systems’ vendor and hardware supplier to ensure you’re up to date.

Physical security can often be enhanced without a huge capital outlay. For example, can physical cabinets or rack areas be locked (or locks added to them)? Can unused USB ports be physically blocked, or disabled through “Group Policy” settings? Are DVD drives still active or accessible? Ethernet switches can be unwelcome portals to your system, and might be an inexpensive upgrade, both for speed and security. It's not uncommon for Ethernet switches to have firmware updates that address both security and reliability.

Tending the field

While it seems like every cybersecurity rock we turn over has another bug underneath it to squish, spend some time in the field as well. When a field device needs maintenance, are its interactions all documented? Measurements get repurposed or utilized in advanced controls or neural networks, perhaps. Some get used for pressure and temperature compensation of flows. The systems engineer can likely see this from the engineering interface, but it’s not always obvious to the operator or maintenance tech—until the device is pulled for maintenance. Consider how to make these interactions visible and seek out those that have crept into the configuration.

What about the physical security of devices and their wiring? Can they be easily accessed and changed? Even though maintenance workers may be dismayed, it’s good to recognize that enclosures only achieve their rating (i.e. NEMA 4X, explosion proof, etc.) if all their fasteners are engaged/torqued. Interconnecting conduit or cables should likewise be fitted with seals, drains and drip legs in a manner that conforms to the code requirements for the enclosure contents. Good physical security shrinks the Swiss-cheese-holes somewhat, for unauthorized changes to field devices.

It can be worth checking if field device configurations are in sync with the system. Are you taking a square root twice, or not at all? Is it still a Type J thermocouple or a four-wire RTD? Does the configured 4-20 mA range match the system? Where you find discrepancies, see if their source can be identified and consider procedural or training changes that aim to eliminate it.

Oh there’s more. Stay tuned to ponder more opportunities to give your system some polish where you might have missed.

About the author: John Rezabek
About the Author

John Rezabek | Contributing Editor

John Rezabek is a contributing editor to Control

Sponsored Recommendations

2024 Industry Trends | Oil & Gas

We sit down with our Industry Marketing Manager, Mark Thomas to find out what is trending in Oil & Gas in 2024. Not only that, but we discuss how Endress+Hau...

Level Measurement in Water and Waste Water Lift Stations

Condensation, build up, obstructions and silt can cause difficulties in making reliable level measurements in lift station wet wells. New trends in low cost radar units solve ...

Temperature Transmitters | The Perfect Fit for Your Measuring Point

Our video introduces you to the three most important selection criteria to help you choose the right temperature transmitter for your application. We also ta...

2024 Industry Trends | Gas & LNG

We sit down with our Industry Marketing Manager, Cesar Martinez, to find out what is trending in Gas & LNG in 2024. Not only that, but we discuss how Endress...