Working Together for Cybersecurity – Digging Deeper with Mike Hutchings, Vice President, Rockwell Automation Canada

December 20, 2019

By Owen Hurst

The rise of connectivity and connected devices has been a major focus and the driving factor behind advancing automation and control products and solutions. And while connectivity is a shining star in terms of creating efficiencies and growth, we are all aware of the darker side of connecting devices, namely the threat posed by nefarious individuals.

Thus, one of the greatest advantages in the development of automation also presents the greatest threat. However, in society there have always been those that have arisen to combat threats, and we have always been strongest when we band together regardless of lines on a map or even when in competition with one another.

Cybersecurity is how we combat and protect ourselves from the threat of hackers, and although many companies, organizations and associations have developed strong abilities in this field, a recent global alliance was formed under the International Society of Automation (ISA) to combat these threats.

In July of this year the ISA announced the foundation of the Global Cybersecurity Alliance (GCA) and its founding members include Rockwell Automation, Schneider Electric, Honeywell, Johnson Controls, Claroty and Nozomi Networks.

To learn more about the Alliance Panel Builder & Systems Integrator asked Mike Hutchings, VP of Rockwell Automation Canada a few questions about the Alliance, Rockwell’s position within it and a more direct look at how this is playing out in Canada.

Mike noted that “The Global Cybersecurity Alliance (GCA) was developed to proactively increase awareness and adoption of cybersecurity best practices, standards, and compliance. These efforts are critical to protecting the myriad benefits of the Industrial Internet of Things and digital transformation. By adopting best practices, standards, and compliance, companies can better protect their information, intellectual property, physical assets, workers, and the environment. That so many members are endorsing this approach speaks well to the mutual interests we all have in protecting industry from unethical hackers.”

The number of members endorsing this, as Mike mentions, is notable that Mike mentions, is notable because it is a growing sign of the threats being faced by those in the automation industry, and the increasing variety of attacks being utilized by hackers. Also, extremely important is that the Alliance is focused on a proactive approach through best practices, standards and compliance. Too often we take a retroactive approach to threats and focus on the specifics of individual threats or attacks. The GCA however, is focused on forward thinking and developing a broad-based approach to protect the industry as whole, an approach that the ISA has been focused on for many years.

One of most important points is the adoption of global standards as this approach provides the strongest barrier to hackers.

Mike identifies that “Rockwell Automation adopts international standards wherever appropriate and possible, and product certifications announced at Automation Fair (ISA/IEC 62443) will apply to Canada as well. During Automation Fair, Rockwell Automation announced achievement of ISA/IEC 62443-2-4 certification, which defines security requirements for service providers. Rockwell Automation also announced an increase in maturity level certification for ISA/IEC 62443-4-1 Security Development Lifecycle use.”

As Mike notes these standards of course apply to Canada and the Standards Council of Canada website includes Can/CSA-IEC 62443.

The ISA noted in July that they are the “developer of the ANSI/ISA 62443 series of automation and control systems cybersecurity standards, which have been adopted by the International Electrotechnical Commission as IEC 62443 and endorsed by the United Nations. The standards define requirements and procedures for implementing electronically secure automation and industrial control systems and security practices and assessing electronic security performance. The standards approach the cybersecurity challenge in a holistic way, bridging the gap between operations and information technology.”

Mike built on this by noting that “the new certifications were independently performed by TÜV Rheinland and add to a growing list of ongoing Rockwell Automation achievements as the company helps customers strengthen cybersecurity.”

But of course, talking about standards is one thing, but implementing them into products and solutions can be somewhat more difficult. Rockwell has worked hard to drive the standardization, which in turn allows their customers an easier route to best practices and compliance.

“Earlier this year, Rockwell Automation introduced the first industrial controller certified to ISA/IEC 62443-4-2, with more products to follow. Rockwell Automation is also working to expand the use of the ODVA CIP Security protocol, which helps make sure only authorized devices are connected in industrial operations. It also helps prevent tampering or interference with communications between those devices.

“Rockwell Automation released the ControlLogix EtherNet/IP communication module earlier this year and is planning to introduce new technologies to expand CIP Security protection to legacy and non-CIP Security devices in the coming year. In addition, the upcoming release of the PlantPAx 5.0 distributed control system is expected to include ISA/IEC 62443-3-3 certified architectures to help users deploy appropriate control system security levels.”

As a founding member of the GCA Rockwell has revealed, and Mike has confirmed that Rockwell Is rooted in working against threatening advancements in connectivity.

This truly echoes the original goals for the Alliance and Rockwell that were outlined by Blake Moret, CEO of Rockwell Automation, “Cybersecurity is critical to digital transformation. It’s critical not only for the protection of information and intellectual property, but also for the protection of physical assets, the environment, and worker safety. We make it a priority to collaborate with partners and research institutions to develop secure products. Rockwell Automation participated in the development of the 62443 standards from the beginning and continues to support ISA cybersecurity initiatives. Our engagement with the Global Cybersecurity Alliance will be another important step in our efforts to help customers identify and mitigate risks.”