Schaedler Yesco blog post
Steve HartzfeldCybersecurity and Technical Debt
  
by Steve Hartzfeld, Automation Specialist, Schaedler Yesco



I recently had the opportunity to attend a Cybersecurity Symposium, and while it was a very nice event with interesting speakers and a beautiful venue, one panelist made a comment that almost knocked me off my chair.

As an Industrial Automation Specialist at Schaedler Yesco, my focus lies in information software and network technologies in manufacturing. I have a solid understanding of the intersection of cybersecurity and manufacturing, but acknowledge that I’m a bit biased based on the specificity of my work.

Back to the panelist’s comment - with a little backstory. The discussion was about ‘technical debt’, a very interesting topic and one that was covered thoroughly and effectively by the panel. Technical debt refers to the accumulation of imaginary debt over time when the best technical solution is passed over for an inferior but cheaper or easier solution, or for no new solution at all. This debt rears its ugly head after years of inaction or quick and easy patches. This principle applies in all sorts of fields – software development, IT, manufacturing, and others. In my world, a perfect example is years of daisy-chaining cheap unmanaged switches in order to add ports to an Industrial Control System (ICS).

Another example might be ignoring the lifecycle of your critical automation equipment for many years. It’s cheaper, easier and quicker at the time, but you are essentially borrowing against your future. The further down the road you travel, the more expensive and difficult it is to get to an acceptable starting point for a new solution.

I’ve seen it happen time and time again. After a decade of cheap fixes and few upgrades, an end-user is faced with a significant capital expenditure and serious project planning just to remain serviceable. Had upgrades been addressed over time, the investment would have been more manageable in both scope AND cost. Unfortunately, when the installed base of obsolete gear is no longer serviceable, that accumulated technical debt is painful. There are other facets to technical debt, but we can talk about those later.

The panel discussion I keep alluding to was focused primarily on enterprise cybersecurity with a focus on preventing the theft of Personally Identifiable Information (PII) and financial data. Considering the impact of massive breaches at companies like Yahoo, Marriott, and Equifax to name a few, it’s almost certain that you have been affected in one way or another by cybercriminals.

The panelist was right in calling out the dire need for robust cybersecurity measures to prevent breaches like these from happening. However, he then made the assertion that manufacturing companies that don’t possess a significant amount of PII or other sensitive information do not need to invest as much into cybersecurity.

I was flabbergasted. How could someone so well-read and experienced discount the need for cybersecurity in manufacturing? While breaches in manufacturing are often not headline news and typically do not affect as many people, their immediate impact can be dramatically more severe.

Modern manufacturing systems are connected using the same ethernet network technologies found in the enterprise and even in our homes. This means that the systems being used to create the goods and materials that fuel the global economy; the systems that turn motors, move conveyors, apply heat, cut, roll, stamp; the systems that keep all of those processes, and the people involved in them, safe, are at risk from the same kinds of threats.

Most ICSs contain proprietary recipes or other sensitive product information that represents immense value to the manufacturer in the form of product quality, reputation and, ultimately, revenue stream. More importantly, when machinery and its safety systems can be tampered with via cyberthreat, there is an immediate risk to human life and limb.

The bottom line is that cybersecurity breaches in manufacturing put all the above at risk. And while there isn’t an easy solution or a silver bullet technology to employ, many facilities aren’t doing ANYTHING about it.

Working in manufacturing means we are stewards of great brands, the machines we’re charged with maintaining and overseeing, our employees and our coworkers, it is incumbent upon us to start taking a proactive approach to cybersecurity. The additional visibility and information that can be gleaned using industrial cybersecurity tools like Tripwire, for example, can even help you better manage your assets and improve the overall effectiveness of your plant. Any complacency or inaction on our part now will lead to the accumulation of technical debt, which will end up costing us - one way or another.

Steven Hartzfeld is the Network, Security, and Information Software Specialist at Schaedler Yesco. Prior to joining SYD in 2013, Steven served in the United States Navy as a gas turbine controls and instrumentation technician and work center supervisor aboard the guided missile cruiser USS Anzio, based in Norfolk, VA. He has a BS in Information Sciences and Technology from Penn State, and will complete his Master’s in Business Administration, also at Penn State, this December. Steven holds a CCNA certification from Cisco in both Routing & Switching and Security, and a BICSI INSTC certification. In his personal time he coaches Hershey Little League baseball and serves on the board of directors. Living outside of Hershey, PA, he and his wife Lisa have two sons, Max (8) and Parker (5) and a 7 year old American Staffordshire Terrier named Lexi.

   News & Updates
Siemens awards Schaedler Yesco prestigious Eagle Award

SYD ranks 32nd in the Top 50 Fastest Growing Companies in Central PA
More details

Siemens awards Schaedler Yesco prestigious Eagle Award

Siemens awards Schaedler Yesco prestigious Award
More details

Schaedler Yesco Works Hard and Gives Back

Schaedler Yesco Works Hard and Gives Back
More details

It's Time We Encourage and Celebrate Skilled Tradesmen

It's Time We Encourage and Celebrate Skilled Tradesmen
More details

SYD Continues 95th Anniversary Celebration

SYD Continues 95th Anniversary Celebration
More details

Cybersecurity and Technical Debt

Cybersecurity and Technical Debt
More details

 	NEWS RELEASE:  Schaedler Yesco Announces Oil & Gas Specialist Schaedler Yesco Announces Oil & Gas Specialist
More details
 	NEWS RELEASE:
            Schaedler Yesco names Farrah Mittel as President Schaedler Yesco names Farrah Mittel as President
More details
 	NEWS RELEASE:
            Schaedler Yesco names Farrah Mittel as President Schaedler Yesco Celebrates 95 Years
More details
 	NEWS RELEASE:
            Schaedler Yesco Distribution designated as one of the Top 50 Fastest Growing Companies in Central PA Schaedler Yesco is recognized as one of the Best Places to Work in Pennsylvania for 2018
More details
DuBois location moves to provide greater convenience to customers DuBois location moves to provide greater convenience to customers
More details
Friedel elected to Keystone Energy Efficiency Alliance (KEEA) Board of Directors Friedel elected to Keystone Energy Efficiency Alliance (KEEA) Board of Directors
More details
 	NEWS RELEASE:
            Schaedler Yesco Distribution designated as one of the Top 50 Fastest Growing Companies in Central PA SYD designated as one of the Top 50 Fastest Growing Companies in Central PA
More details

   Videos
Cybersecurity and Technical Debt

Celebrating 95 Years of Real Life Experience
More details

VIDEO: Schaedler Yesco - Who we are! Who we are
More details
VIDEO: Schaedler Yesco - Lighting Solutions Lighting Solutions
More details
VIDEO: Schaedler Yesco - DataComm Solutions DataComm Solutions
More details
VIDEO: Schaedler Yesco - Inventory Management Solutions Inventory Management Solutions
More details
VIDEO: Schaedler Yesco - Wire Solutions Wire Solutions
More details

   Products & Promotions
Products & Promotions - Schaedler Yesco Distribution  To view our Products &
  Promotions click here