Maintenance Technology April 2016 - (Page 41)

INFORMATION TECHNOLOGY More than 80% of computer-system breaches had patches available for more than a year. Are your systems up to date? You Can Prevent Attacks In a presentation at the recent ARC Forum conference (Feb. 8 to 11, 2016, Orlando, FL,, Stuart Madnick, professor of information technologies at MIT's Sloan School of Management, Cambridge, MA, presented findings from research performed as part of the MIT Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity. Addressing the question, How did breaches (threats) occur? ■ 67% were aided by significant errors by the victim ■ 64% resulted from hacking ■ 38% used malware ■ >80% of breaches had patches available for more than a year ■ 75% of cases go undiscovered or uncontained for weeks or months. Do You Have Cyber Security? FEW COMPANIES HAVE a true grasp of cyber security and their computer technology in general. For most, when cyber security rears its ugly head, it's usually in the form of a very expensive crisis. It's a massive undertaking to gain a full grasp of what you own in terms of hardware and software, who has access to your systems, and how resistant you are to cyber attacks. It's likely that the most challenging aspect of cyber security is maintaining control into the foreseeable future. To help you better evaluate your situation, here's information from two people with more than a little cyber-security experience.-Gary L. Parr, editorial director APRIL 2016 ■ Findings from the Research ■ Solving security problems "upstream" is more effective than fixing them "downstream." ■ Models help understand the security issues involved in patching and software release dynamics. ■ Understanding the tools and techniques of finding vulnerabilities helps improve security. ■ Understanding the researcher/hacker/security workforce helps with defense. ■ All organizations can learn from bug bounty programs. The MIT people also recommend that you apply accident and safety research to cyber-security failures. In other words, they treat events as a type of accident and use prior research from other events to identify, understand, and mitigate possible cyber hazards. ■ Seven IT Factors to Apply to ICE Mike Bastian, global controls manager, Ford Powertrain, Dearborn, MI, discussed his team's work to apply IT security practices to the industrial control environment (ICE) in a presentation at the Manufacturing in America event, held in Detroit, March 23 and 24, 2016. The event was presented by Siemens Industry Inc., Norcross, GA, and Electro-Matic Products Inc., Farmington Hills, MI. As a result of their work, they have identified seven areas that should be applied to ICE: ■ Establish a disaster-recovery plan that allows you to promptly replace/ restore all hardware and software. ■ Maintain full control over any changes in hardware or software. ■ Implement a "line of sight" arrangement that does not allow any external access to internal networks/systems. ■ Install virus and malware protection and keep it up to date. ■ Use secure access controls, particularly passwords, wherever possible. ■ Determine early on what will be the end of life for hardware and software. ■ Manage your internal technology and that of your suppliers. For Ford, that means Tier I and II suppliers. MT MAINTENANCETECHNOLOGY.COM | 41 http://www.MAINTENANCETECHNOLOGY.COM

Table of Contents for the Digital Edition of Maintenance Technology April 2016

My Take
On The Floor
Culture Changed At This Indiana Refinery
She Ignores The Glass Ceiling
Loadability Studies Aid PRC-025-1 Compliance
Look System-Wide For Cost Savings
Reliable Pumping Supplement
Fund Lubrication Program With Energy Savings
Emergency-Stop Choices
Cyber Security
Backup Generators
Infrared Safety Tips
Internet Of Things
ISO 55000
Motor-Testing Tools Expand Services
Ad Index
Final Thought

Maintenance Technology April 2016