Protect Safety Through Cybersecurity
EP Editorial Staff | June 11, 2020
The technical nature of cybersecurity often leads to it being considered “just an IT issue.”
A cyber attack can do more than breach a network or steal data. It can compromise a safety system and cause physical harm to people, equipment, and the environment.
As industrial operations have become more connected, attack surfaces have inherently grown, making industrial-control systems a popular target for hackers. Just one successful attempt—an over-pressurized pipeline, a misaligned valve, an unexpected change in a machine’s operation—can create potentially catastrophic safety risks for people and the environment.
What can you do? Managing safety and security risks should be an integral part of your digital-transformation journey. A properly designed security approach will minimize security-related interruptions and frustrations, while protecting your people and enterprise.
Here are five steps you can take to make sure your security approach addresses safety risks.
Close IT/OT gaps
Mitigating security-based safety risks requires addressing the cultural, procedural, and technical differences that exist between siloed IT and OT organizational structures. For example, many security practices have long been used in the IT world but are new to the OT world. While many risk-mitigation steps are similar, they’re applied very differently in the front office than on the plant floor.
Global standards now recognize the relationship between safety and security. Safety and security standards such as IEC 61508 and ISA/IEC 62443 provide compliance guidelines that can help you address security-based safety risks. The requirements may not be elaborate, but your organization should adhere to them and stay current with these standards as they evolve.
Understand your risk
Safety and security risk assessments are essential to a risk-management strategy that address security threats and their potential safety implications. While these assessments will be conducted separately, they should work toward the same goals: protecting workers, customers, and the environment.
Use protective measures
A wide range of security measures can help protect you from potentially harmful security incidents. Anomaly-detection software, for example, can identify external threats, human errors, and process-integrity issues that threaten safety. Asset-management software can detect unauthorized asset changes that could affect production and safety. Segmenting your network into zones can help limit access to safety systems.
Implement fortified safety products
Safety systems can defend against cyber threats with their own security features. A safety controller is a prime example. It can use keyed software to help make sure firmware is only downloaded from a trusted source. An access door can restrict physical access to the controller. EP
Learn more about addressing security-based safety risks in your operations by downloading this pdf from Rockwell Automation.