Double interest in cybersecurity

Think Again: Convergence of cybersecurity efforts from operational and information technology specialists is creating extra interest, encouraging investments, changes in policies and procedures, and training.

06/15/2018


Image courtesy: Ilya Pavlov/UnsplashCybersecurity interest at company's board level is helping to create discussions, convergence, and collaboration of efforts from operations technology (OT) and information technology (IT) specialists. While spending continues to increase to upgrade technologies and behaviors to combat cybersecurity threats, there is no cure-all answer. These were the views of Walter Sikora, division manager, cyber security services, ABB industrial automation division, in a discussion with CFE Media at ARC Forum in February. His perspectives and advice follow. 

Cybersecurity understanding

OT personnel, including those with automation and controls responsibilities, are getting smarter about cybersecurity risks and why they need to protect operational assets. However, many organizations still lack the maturity level required to use effectively advance security technologies such as network anomaly detection or purchasing a subscription to indicators of compromise (IOC).

Most OT personnel should focus their attention to the basics such as perimeter access controls, segmentation, system hardening, security patching, endpoint security, and malware protection along with periodic assessments and awareness training.

In process industries, it's impossible to have a safe and reliable system without affording some serious attention to cybersecurity. In the past few years, more attention has been given to measuring the number of incidents and sharing information.

For example, Sikora said in February the CEO of one company who suffered a cyberattack in June of 2017, shared they lost 10 days of production with more than $200 million in bottom-line losses, recovery requiring purchase, and configuration of 45,000 new computers in 10 days.

Leadership on sharing this type of information is needed to make the industry aware that the threats and risks are real.

Automation vendors can help customers understand and mitigate risks and sustain production by offering related cyber security services to help prevent attacks from impacting operations. Operation personnel can calculate the return on investment (ROI) of these services if they consider the cost of a cyberattack on their operations if they take no measures to protect their assets. 

Cybersecurity education

Educating the organization on cyber risks is key, especially since many hackers still gain access through phishing schemes. Also, the notion of system isolation no longer apply; as systems running on 10-to-15-year-old software often are vulnerable to exploits that can be transferred by way of mobile devices like USB keys, laptops, or an operator who wants to charge their cell phone by plugging into a workstation. Think again about helping others in your organization understand cybersecurity risks and mitigations.

Equally important is educating the IT personnel, who often lack detailed knowledge of plant-floor intricacies but have discipline to offer valuable assistance regarding change management and criticality of mitigation actions, with a side of healthy paranoia they can benefit from learning how operation systems function.

Those serious about addressing risk can use key performance indicators (KPIs) related to security. Many companies, especially the largest ones, have implemented and report security measures to their leadership and board of directors to communicate the effectiveness of their security programs and to show value of the investments being made or where they need to be made.

Mark T. Hoske, content manager, Control Engineering, CFE Media. Courtesy: CFE MediaEven so, in many cases, organizations are insecure when best practices are not properly implement or continuously sustained. OT personnel have been developing a better understanding of the complexity of security concepts and how to implement cyber protection of their production systems but they still need to collaborate with the operational system suppliers.

Mark T. Hoske is content manager, Control Engineering, CFE Media, mhoske@cfemedia.com.

Keywords: IT, OT, industrial cybersecurity

  • Cybersecurity improves when information technology and operations technology personnel collaborate.
  • Continued cybersecurity training is important.
  • Seek help from automation vendors for cybersecurity assessments.

Consider this

Is your organization treating cybersecurity education like safety, an ongoing and persistent process? 

ONLINE link

ABB offers cybersecurity help.



Engineers' Choice Awards
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by Control Engineering subscribers.
System Integrator Giants
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
System Integrator of the Year
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
How to Maximize Factory Automation Efficiency with Low Cost Machine Vision
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Wireless Reliability in Harsh Environments
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
Human Factors and the Impact on Plant Safety
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
July 2018
Ladder logic best practices and object-oriented programming, safety instrumented systems, enclosure design issues and challenges, process control advice
June 2018
Discrete and process sensor fundamentals, autotuning controls, system integrator roundtable
May 2018
Salary and Career Survey, IT and OT convergence, robotic standards and safety, secure circuit protection
Edge Computing
This article collection contains several articles on how today's technologies heap benefits onto an edge-computing architecture such as faster computing, better networking, more memory, smarter analytics, cloud-based intelligence, and lower costs.
Data Center Design
Data centers, data closets, edge and cloud computing, co-location facilities, and similar topics are among the fastest-changing in the industry.
PLCs
Programmable logic controllers (PLCs) represent the logic (decision) part of the control loop of sense, decide, and actuate. Featured articles in this digital report compare PLCs and programmable automation controllers (PACs), industrial PCs, and robotic controllers.
SIDB

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

June 2018
Machine learning, produced water benefits, progressive cavity pumps
April 2018
ROVs, rigs, and the real time; wellsite valve manifolds; AI on a chip; analytics use for pipelines
February 2018
Focus on power systems, process safety, electrical and power systems, edge computing in the oil & gas industry
John O. Ayuk, PE, CFSE, PMP, CAP
Automation Engineer; Wood Group
Doug Baker
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
Data Centers: Impacts of Climate and Cooling Technology
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
Safety First: Arc Flash 101
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
Critical Power: Hospital Electrical Systems
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
Engineers' Choice Awards
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by Control Engineering subscribers.
System Integrator Giants
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
System Integrator of the Year
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
How to Maximize Factory Automation Efficiency with Low Cost Machine Vision
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Wireless Reliability in Harsh Environments
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
Human Factors and the Impact on Plant Safety
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
July 2018
Ladder logic best practices and object-oriented programming, safety instrumented systems, enclosure design issues and challenges, process control advice
June 2018
Discrete and process sensor fundamentals, autotuning controls, system integrator roundtable
May 2018
Salary and Career Survey, IT and OT convergence, robotic standards and safety, secure circuit protection
Edge Computing
This article collection contains several articles on how today's technologies heap benefits onto an edge-computing architecture such as faster computing, better networking, more memory, smarter analytics, cloud-based intelligence, and lower costs.
Data Center Design
Data centers, data closets, edge and cloud computing, co-location facilities, and similar topics are among the fastest-changing in the industry.
PLCs
Programmable logic controllers (PLCs) represent the logic (decision) part of the control loop of sense, decide, and actuate. Featured articles in this digital report compare PLCs and programmable automation controllers (PACs), industrial PCs, and robotic controllers.
SIDB

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

June 2018
Machine learning, produced water benefits, progressive cavity pumps
April 2018
ROVs, rigs, and the real time; wellsite valve manifolds; AI on a chip; analytics use for pipelines
February 2018
Focus on power systems, process safety, electrical and power systems, edge computing in the oil & gas industry
John O. Ayuk, PE, CFSE, PMP, CAP
Automation Engineer; Wood Group
Doug Baker
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
Data Centers: Impacts of Climate and Cooling Technology
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
Safety First: Arc Flash 101
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
Critical Power: Hospital Electrical Systems
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
Engineers' Choice Awards
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by Control Engineering subscribers.
System Integrator Giants
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
System Integrator of the Year
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
How to Maximize Factory Automation Efficiency with Low Cost Machine Vision
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Wireless Reliability in Harsh Environments
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
Human Factors and the Impact on Plant Safety
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
July 2018
Ladder logic best practices and object-oriented programming, safety instrumented systems, enclosure design issues and challenges, process control advice
June 2018
Discrete and process sensor fundamentals, autotuning controls, system integrator roundtable
May 2018
Salary and Career Survey, IT and OT convergence, robotic standards and safety, secure circuit protection
Edge Computing
This article collection contains several articles on how today's technologies heap benefits onto an edge-computing architecture such as faster computing, better networking, more memory, smarter analytics, cloud-based intelligence, and lower costs.
Data Center Design
Data centers, data closets, edge and cloud computing, co-location facilities, and similar topics are among the fastest-changing in the industry.
PLCs
Programmable logic controllers (PLCs) represent the logic (decision) part of the control loop of sense, decide, and actuate. Featured articles in this digital report compare PLCs and programmable automation controllers (PACs), industrial PCs, and robotic controllers.
SIDB

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

June 2018
Machine learning, produced water benefits, progressive cavity pumps
April 2018
ROVs, rigs, and the real time; wellsite valve manifolds; AI on a chip; analytics use for pipelines
February 2018
Focus on power systems, process safety, electrical and power systems, edge computing in the oil & gas industry
John O. Ayuk, PE, CFSE, PMP, CAP
Automation Engineer; Wood Group
Doug Baker
System Integrator; Cross Integrated Systems Group
Jose S. Vasquez, Jr.
Jose S. Vasquez, Jr.
Fire & Life Safety Engineer; Technip USA Inc.
Data Centers: Impacts of Climate and Cooling Technology
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
Safety First: Arc Flash 101
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
Critical Power: Hospital Electrical Systems
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
click me