Categories
Industrial IT

Do not pass go, do not collect $200

I’m Jason Firth.

I don’t make it a habit of commenting on local news stories, but this one really got under my skin: A car dealership demanded additional money from a customer after the sale concluded, and when the purchaser refused to comply, they remotely disabled the vehicle.

A consumer rights organization spoke to consumer rights law, but let’s call a spade a spade here: this is a criminal act. Someone should be going to jail over this.

Perhaps you think I’m being melodramatic about this, but hear me out. This dealer accessed computer equipment they had sold — equipment they no longer owned and were not authorized to access. They did so for the express purpose of following up on a threat they’d made: “either pay us, or we will hack and disable your vehicle.”

This is exactly the modus operandi of the WannaCry hackers. They took over systems they did not own, and issued an ultimatum: pay us or lose access to these systems we do not own.

Besides the thinnest veneer of respectability, there is no difference between the two.

Well, there is one difference, but it is without distinction for legal purposes: whereas the WannaCry hackers had to force their way into systems, the auto dealership left a bomb in the car they once owned.

On a few occasions, disgruntled former employees have used old usernames and passwords to get into the systems of former employers. It’s still very illegal and the fact that they had a username and password does not mean they are magically authorized to enter systems for which they no longer have reason to enter.

Both the WannaCry hackers and disgruntled former employees would go to jail for their crimes. The responsible people at this dealership ought to as well.

In the grand scheme of things, this should also be a warning to those of us who are in charge of digital systems: if a car dealership can commit extortion, if they can use a trap well laid to demand more money, then so can former employees. It’s important then to make sure you revoke permissions immediately when people leave the company, and do routine audits to find hidden bombs before they can turn into a threat down the line.

Thanks for reading!

Categories
Process Control

Blue skies, green Fields

I’m Jason firth.

One commonality I notice when people ask me to help solve a problem is that quite often they explicitly limit solutions to “what sort of control systems can we install?” Type queries.

I immediately force myself to ignore the question as presented, because of the limits it puts on the creativity we can use to solve problems.

Occasionally, we can introduce a new and innovative control system to solve a problem, but just as often, we need to take a step back and re-examine the problem. Sometimes we can solve a problem by providing more data to operators, or by making it easier to follow procedure using their current user interface. Sometimes we need to inform rather than control. Sometimes we need to analyze in a new way. Sometimes it’s a maintenance problem and fixing a chronic problem will help. Sometimes there’s no problem at all and things must be operated on a certain way for safety or operational reasons.

By looking at problems outside of their ostensible technical scope, we can see the systems involved. We can ask questions we might not have asked otherwise: systems involve processes, equipment, operators, procedures, user interfaces, and control systems. Sometimes the answer comes from looking at the whole picture rather than a small piece.

Looking at problems this way also provides new opportunities. A few years back, I was asked to investigate problems with a certain Historian in gathering process critical data. What I discovered was that we were asking the historian to do something incompatible with its design. Historians consist of dozens of working parts, all of which need to function for data to be saved and retrieved. Instead of fighting the historian to conform, we created a new system which consisted of a single simple program with one purpose. Instead of requiring dozens of systems to work, suddenly we only needed two: retrieval and storage. Once we created this new system, we were able to extend it to automatically produce files for regulatory reporting — an unexpected boon which saved the site time and increased accuracy.

This provides new opportunities for a shop. Many people want their shop to limit its influence to “what control systems can we install”, but by looking at a strategy which embraces increased responsibility and increased work in service to other groups, new opportunities arise, because it’s all connected.

Everyone wants to find a new and innovative and cool control system, but sometimes you need to step back from that well trodden lot, and look at the areas nobody is looking, where there are blue skies and green fields, waiting for someone.

Thanks for reading!

Categories
Management and supervision

The next road

I’m Jason Firth.

It’s been a long while since I updated, because I’ve been transitioning into a new role: planning and supervising the instrument shop, and supervising the gas fitters.

The transition from front line worker to front line supervision has meant a whole new set of challenges, and a whole new viewpoint.

As a worker, road blocks are a nuciance. “They really ought to make this easier”, I’d say. We’d all say it. Now, navigating those road blocks and keeping workers away from them is a big part of my raison d’etre. The more I can keep my guys working on jobs, the better job I’m doing.

There’s a lot of road blocks out there, too. From inception, the question of whether work should even be completed ought to be answered by supervision and management before a worker is ever even close to being assigned the job.

In maintenance planning, there’s a lot of processes that should exist and be followed to ensure the job is properly vetted. For corrective work, risk analysis can help justify work. For preventative maintenance, a methodology like Reliability Centred Maintenance can define and justify which work shall be done. For proactive maintenance, there are a number of failure mode analysis tools which can help dictate what work should be done in response to different unmanaged failures.

Following processes like these can help on two fronts: it helps ensure that front line workers aren’t wasting their time on work that is going to be immediately vetoed, and it helps ensure that supervision and management have their finger on the pulse of exactly what is going on and why. Besides that, it ensures that appropriate documentation to support work exists so you can go back as part of a living program and see how your assumptions worked out.

Next up are planning road blocks. Ideally, you should have all the parts kitted for the job, you should have all the steps identified, correctly documented, and permits pre prepared as much as possible. If you can schedule the job as well and coordinate with operations to get the equipment in question, that’s another major roadblock that front-line folks won’t have to deal with.

During execution, your best people will have their better nature working against them. People will want help with their personal priorities, but the problem is if you’re focusing on everything, you’re focusing on nothing. It’s important to keep your people on the task at hand. For those who have personal priorities, they need to enter their work into whatever work management process you have.

Looking at the big picture, the work management process is your most important tool. See the work, prioritize it, plan it, schedule it, execute it. This requires teamwork not just amongst your team, but amongst your site.

The “hey buddy system” is any time where someone sidetracks the work management process and tried to get their work done through side channels. This is sometimes appropriate for high criticality work, but usually it isn’t appropriate. Every job that gets done on the “hey buddy system” is another job that went through the proper channels that got delayed. When someone successfully gets their job done this way, it reduces the credibility of the process, and increases the number of “hey buddy” jobs done.

This is the easiest roadblock for great workers to hit: the traffic jam. A hundred uncontrolled jobs hit at once, and in trying to keep everyone happy by focusing on all these jobs, none but the simplest jobs get done.

If I’m doing my job right, then everyone should win: the workers should be less stressed out because they can focus just on doing the work safely. Operations should have the right work happening at the right time. Supervision and management can complete their due diligence in preparing work, and a system of continuous improvement should help make the process consistently smoother.

To be honest, although I took the career track change for professional reasons, the reason I get out of bed in the morning (and one of the big reasons I applied for the job) is knowing how difficult life is on the front line when you don’t have someone there willing to handle these problems.

As for a different perspective, You get to peek out from the front line and see (or even steer) the path ahead. Changing from being a passive observer of what’s coming down the line, you can become an active participant.

I’m sure I’ll have plenty more to say in the future, but this is what I’ve learned so far in my crash course on supervision.

Thanks for reading!