April 2021

10 | Plant & Works Engineering www.pwemag.co.uk April 2021 Insight S afety and security in industrial plants may need rethinking. The future of manufacturing processes is digital, which is creating many opportunities for plant operators to enhance efficiency, increase flexibility and make their plants future- proof. But there is a downside: threats to plant security arising from rapidly growing and increasingly sophisticated cyber-criminals, as well as an increased risk of unintentional security incidents from within organisations. In the latest of our series of online discussions called Talking Industry, three expert panellists (see box on the right) focussed on three broad areas: • rethinking the relationship between safety and security; • increasing productivity through safety; and • safety in large systems, integrated machines and production lines. Jason Reed took the reins for the first section, concentrating on the relationship between safety and security. In doing so, he took on the challenge of condensing three hours of presentation material into around five minutes. Today, he asserted, not only do we have a desire to connect and share information, but we also have a need to do so. So the buzzwords such as the Internet of Things, Industry 4.0 and smart factories, are becoming the norm. The traditional process of setting up a factory or a production line to manufacture thousands of widgets cost-effectively, is being replaced by smart factories or single production cells that can manufacture batches or one-off orders. However, there’s a downside to this – there are people, organisations and even nation- states that want to exploit weaknesses in the IT infrastructures. Common points of entry are via the Internet, removable media such as USB memory sticks, and email campaigns. Historically, IT security has been about confidentiality of information. Threats are made over companies’ IT structures – typically in the form of ransomware, where a system is locked down until a payment is made, or IT breaches in which company or customer data is stolen. The cost to the company of either of these forms of attack is financial. But with smart factories, industrial security involves protecting production and industrial plants against faults, whether intentional or unintentional. In the past, communications would have been carried out via manufacturer- specific protocols. To do any damage, an attacker would probably need to enter a factory physically or access machines via telephone lines. Now, these protocols are now increasingly being replaced by Ethernet-based communications, allowing attacks to be carried out via the Internet. Jason Reed suggested that anything with an Ethernet connection is a risk. Some of the remedies that the panel discussed included: • protecting plant and machinery so that only authorised personnel have access, thus preventing manipulation of the control systems by external attackers; • using anti-virus scanning software; • training staff not to click on malicious attachments or links from emails, or log on to unsecure WiFi networks; • keeping track of passes of anyone entering buildings; • keeping records of who is competent to carry out patch updates to machines; • when buying new equipment, making sure that its operating systems are up-to-date; and Keep plants secure in an era of threats In the fourth panel discussion in our Talking Industry series, three experts on plant safety and security got together to discuss the latest thinking on these topics. Andy Pye, consultant editor of PWE, who chaired the session, reports on some of the highlights of the lively Talking Industry