Cyber incidents add to downtime costs

Cyber incidents can add to downtime costs in a big way if there isn't a solid cybersecurity plan in place to mitigate the worst effects.

By Gregory Hale, ISSSource January 30, 2018

Manufacturers may understand the cost of downtime, but when a cyber incident is added into the mix, costs could quickly spiral out of control if there is not a solid security plan in place.

"(Security) awareness is increasing and the connection that needs to be made is asset owners have been long aware of consequences they want to avoid, but the connection that needs to be made is those consequences can be precipitated by means other than they have anticipated where they might have in the past focused on physical equipment failure now we are educating them and they are aware a cyber incident—be they deliberate attacks or inadvertent incident—could cause the same problem," said Eric Cosman, a cyber security expert with ARC Advisory Group during a podcast with the SANS Institute. "That is a positive development."

When users come to grips with understanding downtime costs as they relate to cybersecurity, that could lead them to a discussion about a security return on investment (ROI).

"Security investments are really good business," said Doug Wylie, director at SANS Institute. "Making an investment in security is really aiding us in risk avoidance. It accelerates our ability to make sure we are addressing risk so we can respond and recover."

While technology is available to help deal with security issues, but Wylie said security all comes down to people. "It is a people problem first. When we are making our investments, the first dollars spent should be oriented toward people to make solid decisions to address downtime and make sure we are getting a return on investment."

Looking at ROI and understanding the cost of downtime is an end-point of a security issue, but before end users jump into a security program, they need to start somewhere.

"The first thing they have to do is understand what it is they are trying to secure," Cosman said. "It is very common to see they don’t have an active description of what they have in their facilities. There is a tendency sometimes for people to look for the silver bullet, ‘tell me what tool I have to implement to keep my facility secure.’ Unfortunately, it is not that simple. If you go to technology first, you are probably going to spend money you don’t need to spend and you will get less than a desirable result. So, you have to focus on the assets and the processes you use and the people. Once you have that foundation in place then you can start to look at specific tools and technologies to make your situation better."

Security is such a dynamic environment, it is hard for manufacturing automation professionals to step away from the everyday work load, but there are approaches they can take to ensure a secure workspace.

"Operations technology (OT) Companies are very accustomed to using continuous improvement models in their process—striving for enhanced efficiency and productivity," Wylie said. "In order for progress to be made, establishing a baseline of where an organization is remains essential. It is considering all facets of risk that could affect the operation and the main objective of the industrial control system. We also have to accept the fact there will be setbacks and by using continuous improvement models, we can learn from those issues and make sure we are not going to complete past mistakes."

Along the lines of that ever-evolving security environment, Cosman said, "Security is not a project it is a process, by implementing that continuous improvement cycle again and again, you move up the ladder of security performance."

Gregory Hale is the editor and founder of Industrial Safety and Security Source (, a news and information Website covering safety and security issues in the manufacturing automation sector. This content originally appeared on ISSSource is a CFE Media content partner. Edited by Chris Vavra, production editor, CFE Media,

ONLINE extra

See related stories from ISSSource linked below.

Learn more about the 22nd Annual ARC Industry Forum.

Original content can be found at