You were recently hired on as the plant electrical engineer. The plant has a critical line with two operators, each working on a different shift. Being an operator on that particular line requires a lengthy training and certification process.
During your first week on the job, the dayshift operator, Alaina, asks if she can meet you in your office after her shift ends. You agree. The meeting starts off with her saying that “Backshift Ben” (the other operator) will confirm everything she’s about to tell you.
Starting a few months ago, the scrap rates would periodically “hockey stick.” Maintenance has been through the equipment with the proverbial fine-toothed comb. A few things have been adjusted, and all PMs have been performed whether due or not, but no major problems were found.
Alaina said that one evening, Ben noticed small changes in the recipe. So he obtained the master record and re-installed the original. His supervisor chastised him for the downtime involved and told him to let maintenance fix the equipment problems. But maintenance does not involve itself with recipes; that is strictly the purview of operations. Alaina also tried this, and in both their cases, the scrap rate went back down for several days. Then the recipe would subtly change again.
Two new people are now undergoing training on that machine, a sign to Alaina that she and Ben will be fired for their apparent incompetence. But she maintains there is something going on with the equipment. How can you get to the bottom of this?
Answer to Quiz
Given the stringent qualifications for these operators to hold their jobs, both operations management and maintenance management should have taken them seriously rather than assuming they were causing these problems.
This has some of the classic hallmarks of industrial sabotage via at least one security breach. There’s almost no other explanation for this problem. And where there’s one security breach, there are probably others.
It’s worth noting that since there is only one operator per shift, this equipment is unattended for a significant time per shift because of two breaks, a lunch break, and the occasional bathroom break. Given the complexity of operating the equipment, the operators are often too focused to notice that someone may be watching for an opportunity to physically access the equipment.
Your first step should be to access the recipe update history. There should be a technician UI of some sort for this purpose. Once you have this history, you can spot the off-schedule updates and compare the timing to the scrap rate history.
If you see the unscheduled updates do not occur on Ben’s shift, then you can make some needed enhancement during that shift. If the unscheduled updates do occur on Ben’s shift, you’ll have to get out of bed to bring in a contractor on the non-existent third shift to do the enhancements. These will involve two steps:
- Install hidden cameras that can be accessed via live streaming. Alaina and Ben will turn these on and off via a phone app any time they are not at the equipment. Someone in operations should be monitoring periodically throughout the day, as well. The plant needs to catch the perpetrator.
- If possible, install monitoring software on the PLC. Consult the manufacturer for advice.
Once the perpetrator is identified and proper action against that person is taken, provide physical locks to limit access to any USB ports. Then also install cameras that are readily visible to serve as a deterrent to any other saboteurs.
The worst possible thing to do at this point is to consider the problem solved and move on. Only this one saboteur has been caught. It is critical to identify whatever security breaches enabled that saboteur to commit the sabotage so those holes can be closed. This is far from over. Convince the plant manager that the plant needs to hire a security consultant to look at not only this line but all lines and the plant in general. This incident may well be a “canary in the mine” and other security breaches may be allowing a bad player to steal or alter other proprietary information.
