Why Cybersecurity Must be Part of Your Safety Plan

PB 25 Rockwell newlogo 400

March 26, 2020

By Steve Ludwig, Commercial Programs Manager, Safety, Rockwell Automation

The dangers that cyber threats pose to intellectual property, customer records and productivity are well known, but less discussed are the safety implications of these threats. A cyberattack on your industrial control system (ICS) can damage physical assets, alter recipes, injure workers or cause severe environmental damage.

If you’re on a digital transformation journey – whether it’s a managed process or slow evolution – managing the inherent safety and security risks should be an integral part of the process.

A properly designed security approach will improve information collection, analysis and delivery. It will minimize security-related interruptions and frustrations. And it will help protect your enterprise.

Know your risks

Today, both security and safety standards already recognize the link between safety and security risks.

Cybersecurity standard ISA/IEC 62443-1-1 mentions that security breaches can have consequences beyond compromised information. The standard states: “The potential loss of life or production, environmental damage, regulatory violation and compromise to operational safety are far more serious consequences. These may have ramifications beyond the targeted organization; they may grievously damage the infrastructure of the host region or nation.”

Functional safety standard IEC 61508-1 specifies that hazards associated with equipment and control systems must be determined under all reasonably foreseeable circumstances. The standard says: “This shall include all relevant human factor issues and shall give particular attention to abnormal or infrequent modes of operation of the EUC. If the hazard analysis identifies that malevolent or unauthorized action, constituting a security threat, as being reasonably foreseeable, then a security threats analysis should be carried out.”

Security, like safety, approaches issues based on managing risk, leveraging continuous assessment and baselining to ensure you are managing to a risk threshold. Your level of acceptable risk will vary by industry and potential outcomes.

Considering that most cybersecurity attacks are based on the attacker simply finding a vulnerable target – rather than being specifically targeted due to industry or prominence – a cybersecurity attack is a foreseeable circumstance in virtually every industry. Assessing your cybersecurity risks, determining your level of acceptable risk and mitigating identified risks to an acceptable level are now the basic “reasonable” steps to help protect people from foreseeable misuse and malevolent or unauthorized actions.

As with safety, ignoring cybersecurity and associated risks is the mistaken belief that “if I don’t know about the risk, I can’t be held accountable.” That’s not an acceptable posture, ethically or for compliance purposes, especially when lives are on the line.

Address risks together

Some have used the risks that connected technologies can introduce as an argument against modernization. But, it’s important to recognize that doing nothing is not a solution. Maintaining legacy systems too long not only deprives you of valuable insights and other IIoT benefits, but these systems also often lack the security measures of contemporary systems making them more vulnerable rather than less.

The better approach is to make the most of digital transformation, while helping protect safety and security as part of the process. As you do this, keep some key things in mind.

For example, many security practices have long been used in the IT world, but they’re new to the OT world. And, while many of the mitigation steps are similar in comparison, they’re applied very differently in the front office than on the plant floor.

In a manufacturing environment, cybersecurity and safety risks should both be part of risk management and part of the management of change (MOC) process. And EHS professionals should be involved in managing processes and compliance with standards and laws.

It’s a new age in industry. The advantages of Industry 4.0 certainly outweigh the increased risks. And by understanding the risks and mitigating them as part of your digital initiatives, you can expand what’s possible in your operations while helping protect what matters most to you.

Source

Related Articles


Changing Scene

  • FANUC Canada Celebrates Grand Opening of New Headquarters

    FANUC Canada Celebrates Grand Opening of New Headquarters

    In a grand opening and ribbon cutting ceremony, FANUC recently unveiled its new Canadian Headquarters in Mississauga, Ontario to industry partners, customers and media. The new facility, which will serve as a hub for cutting-edge robotics technology, hosted more than 250 attendees in a celebration that included remarks from company leadership and advanced technology demonstrations. This milestone… Read More…

  • Hammond Manufacturing Welcomes John Eberhart as Territory Sales Manager for Northern, USA

    Hammond Manufacturing Welcomes John Eberhart as Territory Sales Manager for Northern, USA

    Hammond Manufacturing is pleased to announce the appointment of John Eberhart as the Territory Sales Manager for the Northern Midwest region of the United States in their Rack Mounting Solutions division. John’s extensive industry experience will be instrumental in the expansion of Hammond’s market presence and the promotion of business within his territory. John Eberhart… Read More…


Sponsored Content
The Easy Way to the Industrial IoT

The way to the Industrial IoT does not have to be complicated. Whether access to valuable data is required or new, data-driven services are to be generated, Weidmuller enables its customers to go from data to value the easy way. Weidmuller’s comprehensive and cutting-edge IIoT portfolio applies to greenfield and brownfield applications. Weidmuller offers components and solutions from data acquisition, data pre-processing, data communication and data analysis.

Visit Weidmuller’s Industrial IoT Portfolio.


ADVANCED Motion Controls Takes Servo Drives to New Heights (and Depths) with FlexPro Extended Environment Product Line

Advanced Motion Controls is proud to announce the addition of six new CANopen servo drives with Extended Environment capabilities to their FlexPro line. These new drives join AMC’s existing EtherCAT Extended Environment FlexPro drives, making the FlexPro line the go-to solution for motion control applications in harsh environments.

Many motion control applications take place in conditions that are less than ideal, such as extreme temperatures, high and low pressures, shocks and vibrations, and contamination. Electronics, including servo drives, can malfunction or sustain permanent damage in these conditions.

Read More


Service Wire Co. Announces New Titles for Key Executives

Bruce Kesler and Mark Gatewood have been given new titles and responsibilities for Service Wire Co.

Bruce Kesler has assumed the role of Senior Director – Business Development. Bruce will be responsible for Service Wire’s largest strategic accounts and our growing Strategic Accounts Team.

Mark Gatewood has been promoted to the role of Vice President – Sales & Marketing. In this role, Gatewood will lead the efforts of Service Wire Company’s entire sales and marketing organization in all market verticals.

Read More


Tri-Mach Announces the Purchase of an Additional 45,000 sq ft. Facility

Tri-Mach Elmira Facility

Recently, Tri-Mach Inc. was thrilled to announce the addition of a new 45,000 sq ft. facility. Located at 285 Union St., Elmira, ON, this facility expands Tri-Mach’s capabilities, allowing them to better serve the growing needs of their customers.

Positioning for growth, this additional facility will allow Tri-Mach to continue taking on large-scale projects, enhance product performance testing, and provide equipment storage for their customers. The building will also be the new home to their Skilled Trades Centre of Excellence.

Read More


JMP Parent Company, CONVERGIX Acquires AGR Automation, Expanding Global Reach

Convergix Automation Solutions has completed the acquisition of AGR Automation (“AGR”), a UK-based provider of custom, high-performance automation design and systems integration primarily to the life sciences industry.

Following Convergix’s acquisitions of JMP Solutions in August 2021 and Classic Design in February 2022, AGR marks the third investment in Crestview’s strategy to build Convergix into a diversified automation solutions provider targeting the global $500+ billion market, with a particular focus on the $70 billion global systems integration and connectivity segments. Financial terms of the transaction were not disclosed.

Read More


Latest Articles

  • Understanding Industrial Relay Contact Configurations: NO, NC, SPDT, and DPDT

    Understanding Industrial Relay Contact Configurations: NO, NC, SPDT, and DPDT

    Relays serve as the backbone of industrial control systems, enabling the control of high-power circuits using low-power signals. Understanding different relay contact configurations is crucial for designing effective control systems. This article will explore the various types of relay contacts and their applications in industrial automation. Read More…

  • Implementing Functional Safety Requirements

    Implementing Functional Safety Requirements

    The Safety Functional Requirements Specification (SFRS; sometimes referred to as SRS or Safety Requirements Specification) is the plan for the safety controls on a machine and is the second step of the safety lifecycle. The SFRS document serves as a framework for the safety control system design, is informed by prior work done in the… Read More…