Why Cybersecurity Must be Part of Your Safety Plan

PB 25 Rockwell newlogo 400

March 26, 2020

By Steve Ludwig, Commercial Programs Manager, Safety, Rockwell Automation

The dangers that cyber threats pose to intellectual property, customer records and productivity are well known, but less discussed are the safety implications of these threats. A cyberattack on your industrial control system (ICS) can damage physical assets, alter recipes, injure workers or cause severe environmental damage.

If you’re on a digital transformation journey – whether it’s a managed process or slow evolution – managing the inherent safety and security risks should be an integral part of the process.

A properly designed security approach will improve information collection, analysis and delivery. It will minimize security-related interruptions and frustrations. And it will help protect your enterprise.

Know your risks

Today, both security and safety standards already recognize the link between safety and security risks.

Cybersecurity standard ISA/IEC 62443-1-1 mentions that security breaches can have consequences beyond compromised information. The standard states: “The potential loss of life or production, environmental damage, regulatory violation and compromise to operational safety are far more serious consequences. These may have ramifications beyond the targeted organization; they may grievously damage the infrastructure of the host region or nation.”

Functional safety standard IEC 61508-1 specifies that hazards associated with equipment and control systems must be determined under all reasonably foreseeable circumstances. The standard says: “This shall include all relevant human factor issues and shall give particular attention to abnormal or infrequent modes of operation of the EUC. If the hazard analysis identifies that malevolent or unauthorized action, constituting a security threat, as being reasonably foreseeable, then a security threats analysis should be carried out.”

Security, like safety, approaches issues based on managing risk, leveraging continuous assessment and baselining to ensure you are managing to a risk threshold. Your level of acceptable risk will vary by industry and potential outcomes.

Considering that most cybersecurity attacks are based on the attacker simply finding a vulnerable target – rather than being specifically targeted due to industry or prominence – a cybersecurity attack is a foreseeable circumstance in virtually every industry. Assessing your cybersecurity risks, determining your level of acceptable risk and mitigating identified risks to an acceptable level are now the basic “reasonable” steps to help protect people from foreseeable misuse and malevolent or unauthorized actions.

As with safety, ignoring cybersecurity and associated risks is the mistaken belief that “if I don’t know about the risk, I can’t be held accountable.” That’s not an acceptable posture, ethically or for compliance purposes, especially when lives are on the line.

Address risks together

Some have used the risks that connected technologies can introduce as an argument against modernization. But, it’s important to recognize that doing nothing is not a solution. Maintaining legacy systems too long not only deprives you of valuable insights and other IIoT benefits, but these systems also often lack the security measures of contemporary systems making them more vulnerable rather than less.

The better approach is to make the most of digital transformation, while helping protect safety and security as part of the process. As you do this, keep some key things in mind.

For example, many security practices have long been used in the IT world, but they’re new to the OT world. And, while many of the mitigation steps are similar in comparison, they’re applied very differently in the front office than on the plant floor.

In a manufacturing environment, cybersecurity and safety risks should both be part of risk management and part of the management of change (MOC) process. And EHS professionals should be involved in managing processes and compliance with standards and laws.

It’s a new age in industry. The advantages of Industry 4.0 certainly outweigh the increased risks. And by understanding the risks and mitigating them as part of your digital initiatives, you can expand what’s possible in your operations while helping protect what matters most to you.

Source

Related Articles


Changing Scene

  • Wesco Opens State-of-the-Art Facility in Eastern Canada to Support Influx of Megaprojects in the Region

    Wesco Opens State-of-the-Art Facility in Eastern Canada to Support Influx of Megaprojects in the Region

    Wesco International has recently announced the grand opening of a new state-of-the-art facility on Higney Avenue in Dartmouth, Nova Scotia, Canada, making this the largest facility of any distributor in the Atlantic region. The new building, facilitated by Touchette Real Estate, a division of Groupe Touchette, will feature Wesco’s comprehensive suite of services and solutions including… Read More…

  • PataBid Nominated for Canadian Choice Award in Software Services

    PataBid Nominated for Canadian Choice Award in Software Services

    PataBid is proud to announce its nomination for a Canadian Choice Award in the Software Services category. This recognition highlights PataBid’s commitment to supporting the electrical contracting community across Canada by providing innovative estimating software solutions that streamline estimating processes and ensure predictable and profitable projects. Read More…


Sponsored Content
The Easy Way to the Industrial IoT

The way to the Industrial IoT does not have to be complicated. Whether access to valuable data is required or new, data-driven services are to be generated, Weidmuller enables its customers to go from data to value the easy way. Weidmuller’s comprehensive and cutting-edge IIoT portfolio applies to greenfield and brownfield applications. Weidmuller offers components and solutions from data acquisition, data pre-processing, data communication and data analysis.

Visit Weidmuller’s Industrial IoT Portfolio.


ADVANCED Motion Controls Takes Servo Drives to New Heights (and Depths) with FlexPro Extended Environment Product Line

Advanced Motion Controls is proud to announce the addition of six new CANopen servo drives with Extended Environment capabilities to their FlexPro line. These new drives join AMC’s existing EtherCAT Extended Environment FlexPro drives, making the FlexPro line the go-to solution for motion control applications in harsh environments.

Many motion control applications take place in conditions that are less than ideal, such as extreme temperatures, high and low pressures, shocks and vibrations, and contamination. Electronics, including servo drives, can malfunction or sustain permanent damage in these conditions.

Read More


Service Wire Co. Announces New Titles for Key Executives

Bruce Kesler and Mark Gatewood have been given new titles and responsibilities for Service Wire Co.

Bruce Kesler has assumed the role of Senior Director – Business Development. Bruce will be responsible for Service Wire’s largest strategic accounts and our growing Strategic Accounts Team.

Mark Gatewood has been promoted to the role of Vice President – Sales & Marketing. In this role, Gatewood will lead the efforts of Service Wire Company’s entire sales and marketing organization in all market verticals.

Read More


Tri-Mach Announces the Purchase of an Additional 45,000 sq ft. Facility

Tri-Mach Elmira Facility

Recently, Tri-Mach Inc. was thrilled to announce the addition of a new 45,000 sq ft. facility. Located at 285 Union St., Elmira, ON, this facility expands Tri-Mach’s capabilities, allowing them to better serve the growing needs of their customers.

Positioning for growth, this additional facility will allow Tri-Mach to continue taking on large-scale projects, enhance product performance testing, and provide equipment storage for their customers. The building will also be the new home to their Skilled Trades Centre of Excellence.

Read More


JMP Parent Company, CONVERGIX Acquires AGR Automation, Expanding Global Reach

Convergix Automation Solutions has completed the acquisition of AGR Automation (“AGR”), a UK-based provider of custom, high-performance automation design and systems integration primarily to the life sciences industry.

Following Convergix’s acquisitions of JMP Solutions in August 2021 and Classic Design in February 2022, AGR marks the third investment in Crestview’s strategy to build Convergix into a diversified automation solutions provider targeting the global $500+ billion market, with a particular focus on the $70 billion global systems integration and connectivity segments. Financial terms of the transaction were not disclosed.

Read More


Latest Articles

  • How Advanced X-Ray and AI Inspection Technologies Optimize Quality Control and Reduce Costs in SMT Manufacturing

    How Advanced X-Ray and AI Inspection Technologies Optimize Quality Control and Reduce Costs in SMT Manufacturing

    Explore how Omron’s latest X-Ray machines and AI-driven solutions are setting new standards in manufacturing efficiency and quality control. The manufacturing landscape is swiftly evolving, and Omron is at the forefront with its innovative PCB inspection machines. These systems offer profound insights into SMT production process, enhanced quality control, and can significantly reduce labor costs. Advancements… Read More…

  • KUKA Establishes New Software and Digital Business Segment

    KUKA Establishes New Software and Digital Business Segment

    Software is playing an increasingly important role in mechanical engineering. What used to be mostly solved mechanically is now done by electronics and the associated software. “With KUKA Digital, we are expanding our offering in order to position ourselves broadly for a market with strong growth potential. Our customers need products, solutions and consulting approaches to digitalize… Read More…