Does Your Automation Vendor Support Your Industrial Security Goals?
Security threats put your intellectual property, productivity and worker safety at risk.
They also can pose dangers to consumers and the environment. Understanding where your company is vulnerable to security threats and deploying a strong defense-in-depth security approach is essential to protecting your most valued assets and maintaining a safe, productive environment.
A key part of your industrial security program should be choosing trusted automation vendors that actively work to support your security goals.
Before selecting vendors, educate yourself on their security policies and practices. Also, consider if they adhere to these five core security principles, defined by Rockwell Automation, for designing control and information products.
- Secure Network Infrastructure: Does the vendor help you keep information in the automation layer secure and confidential? This could include using embedded technology to validate and authenticate devices before giving them access to a network.
- Authentication and Policy Management: Do the vendor’s automation products support your company’s data-access policies and infrastructure? Products can, for example, use access-control lists to manage access to devices and applications for all levels of employees.
- Content Protection: How will the product help protect your intellectual property? Some potential approaches include assigning passwords to routines and using digital rights management to limit users’ ability to view and edit device data.
- Tamper Detection: How effective is the product at detecting any unauthorized system activity, as well as alerting the right personnel? Trusted vendors’ products should log key details of any tampering, including where the attempted intrusion took place, how it occurred and if anything was modified.
- Robustness: How comprehensive are the vendor’s security efforts? A truly robust security approach includes, among other things, providing security training to employees, conducting final security reviews before releasing products, and continuously verifying that processes stay current with standards and technologies. A trusted vendor also supports its products with security updates, and communicates those updates to you.
Keep in mind that choosing trusted vendors is only one step in meeting your security goals. No single security product or practice will protect your company from the abundance of threats that exist. Rather, industrial security must be a holistic effort spanning your people, processes and technologies.
For a deeper exploration of industrial security – including a more detailed look at the recommended best practices above – check out our Industrial Security e-book.