How can you protect your networked manufacturing systems from malware and other undesired infections? Here's a list of suggestions to consider.
- Set up a PM for security monitoring. Include things such as auditing systems for "illegal" user accounts, easy-to-guess logons, and easy-to-guess passwords.
- Keep a master logon and password file rather than using memorable logons and passwords. If you keep an electronic version, ensure that it's encrypted and does not reside on any machine on the network.
- Make backups of PLC programming. Once a PLC is programmed, reprogramming should rarely be needed (unless you have frequent process reconfigurations).
- Store all programming, including batch recipes, on removable backup media. Keep these under lock and key; implement usage policies that prevent overwriting backups with infected code (consult a security expert, if needed). When restoring an infected machine from backup, use a copy of the backup as your restore source.
- Limit access to PC programming to specific personnel. Ensure each access is entered into a log book or file that specifies the date, time, and purpose of the access.
Coordinate with the IT department for implementation and monitoring of security best practices.