A recent incident demonstrated just how important the issue of plant network security has become -- and how easy it is to screw it up.
What happened was unfortunately quite simple -- a contractor working on a DaimlerChrysler project got fired, and yet sloppy security settings allowed him to access the automaker's companywide wireless network and wreak some serious, disgruntled ex-employee-style havoc from a computerized customer kiosk in the plant's lobby.
According to the guilty plea filed with US attorney Stephen J. Murphy's office:
Based on his familiarity with DaimlerChrysler's computer system, which had been gained when Johns worked for Intermec, a computer company working with Daimler Chrysler, Johns was able to enter commands from this computer terminal that caused files and passwords to be deleted from wireless devices located in remote parts distribution facilities, that is, devices located in MOPAR facilities located in Atlanta, Portland and Denver.
As a result of the damage to these devices, it was necessary to remove and repair them, causing each MOPAR facility to shut down for approximately 7.5 hours, and resulting in over $25,000 in damages.
The moral of the story? I can't tell if it's simple (i.e., lock down your networks) or more complicated (finding that delicate balance between outsourcing non-core processes and security, which should be a core competency for every company).
At least he didn't "go postal"...