"Dow is pouring more and more resources into network security," said Murphree. "We are balancing that with people's desire to have higher-speed connections and greater bandwidth. The use of firewalls and other detection programs to keep outsiders out of company Extranets is also important."
"Everybody will have to review and increase their network security for two reasons," Hudson said. "Mobile computing and pervasive computing (wireless) allow breaks through firewalls and can jeopardize network security. Then there is the real concern of cyberterrorism."
"Network security is a big deal," said Buddy Creef, director of end-user sales for Cognex, a leading supplier of machine vision systems. "Our intellectual property defines our net worth. Because of that, our outside sales force accesses our internal systems either through a secure dial-up or a VPN connection."
While many companies are addressing the issues of implementing or improving physical security measures, they are also acknowledging the pressing issues of network security. As company employees become increasingly mobile, the requirement for remote access is generating the evolution of augmented security features across the network.
But how do companies face the challenge of safeguarding their systems while allowing for the technological advances to provide secure links to the authorized personnel?
"We use secure ID key fobs that have six-digit numbers that change every six seconds," said McKeel. "That, paired with a PIN, becomes the password." The technology comes from RSA Security, an early pioneer of Internet security with headquarters in Bedford, Mass. "Additionally, we have access lists for particular shared infrastructures and for specific access."
Schneider Electric has a "fairly elaborate process to get security access," said Sapp. "You need a security clearance to access different levels of company access. That's the first line of defense. If you need remote access, we use AT&T Global Net, a global dialer that allows you to access your e-mail and systems that are generally available on the Web site. If you want inside the company's Intranet, we have a Novell client that is the point-to-point contact to the company's firewall. You have to have the right IP address to access the Intranet, and the Intranet itself has secure sites within for further segmented areas."
At Dow Chemical, Murphree said that in Manufacturing and I/S there is a group of system architects whose responsibility is to set the technical architecture in balance with the access needs of the employees. "Some of those discussions are done at a high level, but sometimes they have to be educated on (the avenues) to provide security and still meet the business objectives, i.e., partnerships with semi-competing companies." These partnerships aren't completely new in the manufacturing business. The industry buzzword is "collaborative manufacturing." "It's a negotiation," stated Murphree. "We evaluate the risk and determine the level of risk. Usually, the education needed is just a misunderstanding of what the implications are."
Integrating Electronic Access Control and Network Security
In an effort to compile an all-in-one network, some end users are requesting that manufacturers integrate various systems. Many plant automation packages are already on the market to provide integration of plant automation systems with enterprise systems, including supply chain networks and inventory control. Now some companies are beginning to respond to requests to integrate the software programs for electronic access control and network security.
There are some potential pros and cons for this integration process. The most obvious advantage of an integrated system is that the security and IT administrators only have one system to be the watchdog for all security-related incidences. The most obvious disadvantage is that if a hacker breaks into the system, he or she has access to all the security in one fell swoop.