About twice a month, Emerson issues updates to a list of what Microsoft operating system patches and hotfixes have been tested and approved for installation on DeltaV computers. On top of what is or is not approved, there’s extensive information on the Emerson web site regarding cyber security, for protecting the process control network from harm. Emerson’s not the only automation platform supplier that test and approve/disallow patches and hotfixes for their products.
So it really bothers me that twice in the last month, some well-intentioned business IT dude has applied Microsoft patches that have rendered automation systems useless. I guess it’s not really their fault; it’s in their DNA – if there’s a patch or hotfix to apply, by golly they’re going to install it. All those precautions we take with firewalls, virus protection software and built for purpose, lockdown-able port switches just can’t protect us from our well-meaning IT buddies.
Here are some suggestions to help avoid these situations in the future:
Don’t tell IT where your servers are. They can’t patch what they can’t find.
Create a Props server rack. You’ve seen them anytime you’ve gone furniture shopping – sitting on the entertainment center shelves are these components manufactured by Props. Now they look a little “off” and don’t weigh a thing, but that’s OK – your IT friend will try relentlessly to stick the patching CD in a disc drive.
The real answer? Frequent "meeting of the minds" between business and automation IT professionals. There’s a fundamental difference between the IT requirements on business networks and those of a real-time automation or control platform. There are plenty of articles on the web discussing this. But all the articles are worthless if there’s no communication between these two critical team members. Now you don’t have to hug him, but maybe you could take him a basket of muffins?
No comments:
Post a Comment