A Middle East Diver’s Top Tips for Industrial Security

A Diver’s Top Tips for Industrial Security

I’m a keen scuba diver – keen enough, in fact, to be a qualified rescue diver. It’s like a different world deep under water. For a start, I am 100% reliant on my diving equipment just to stay alive.

Over the years I’ve been diving, friends have often asked me if I am not scared by the inherent risk of deliberately going somewhere where a single mistake could endanger my life. My answer is the always the same – if you know what you are doing, then the risks are very low indeed.

There’s an obvious parallel with my day job as the business leader for network security services at Rockwell Automation in the Middle East. If you imagine the world of online connectivity to be as foreign to traditional industrial practices as diving is to strolling around on dry land, then you’ll probably see the link.

As industry throughout the world has become more information-enabled, networked and connected, it is also exposed to more inherent risk. The ME region is no more or less vulnerable than any other, but it is underperforming in how it manages that risk.

Alarming statistics suggest that 56% of ME businesses lost more than $500,000 due to cyber security infractions last year compared to 33% globally, and 13% lost at least three working days compared to 9% globally. A further 18% of respondents in the region experienced more than 5,000 attacks, which is higher than any other region, and compares to a global average of only 9% “PwC report (middle-east-cyber-security-survey March 2016)”

It’s fair to say that the ME region is behind the curve a little and losing money and productivity as a result. In my opinion, we must stop mumbling about the Stuxnet and Shamoon viruses and go to action.

The ME needs to review its whole approach to Cybersecurity: it is not just an “IT thing” - it should be taken seriously at every level in the company. There is not a single device or software that can protect us - we need to employ a solid defense-in-depth approach to mitigate as much of the risk as possible.

The first step for most companies is to redress the shortfall in security strategies. According to PwC: only 45% of ME companies have a security plan in place compared to 58% globally. It’s here that organisations such as Rockwell Automation can help with network security services that bring our customers in line with local Cyber Security regulations such as NESA, Qcert and Ocert.

Like diving, modern industry is never going to be entirely free of risk. When it comes to protecting your business, it pays to take the security of industrial applications as seriously as a diver takes the integrity of his equipment.

With that in mind, here are my top diver’s tips for industrial security:

  • Know the risk – a good diver understands the risks associated with the effects of everything from water pressure to oxygen starvation. Industry must understand the cyber risk of everything from intellectual property theft to the risk to workforce or consumer health and wellbeing
  • Check your equipment. A good diver doesn’t just expect everything to work every time because they set it up correctly the first time they used it. Divers check every piece of equipment very carefully every time they use it – water getting in where it shouldn’t can mean disaster. Industry must look at their system the same way and run regular checks for where information can get into or out of the operation to reduce vulnerability.
  • Know where you are going. A diver will plan their route very carefully and assess the potential dangers of the situation very well. Industry must take a similar approach – planning how to mitigate risk from cyber-attack with a strategy for implementing patches, updates and improvements to the system.
  • Don’t go it alone. Divers rarely, if ever, dive alone. It’s much safer to dive as part of a team and carry spare tanks and equipment. They rely on each other’s experience to manage a range of known and unknown risks deep under water. Industry must do the same. Working with vendors and security specialists to help keep software updated, help find potential weaknesses and help mitigate cyber-risks through maintaining systems to meet and exceed security regulations is vital.

They say that in the modern industrial environment information flows like water. Global industry, and the ME region in particular, might benefit from thinking like a diver to make sure it flows where they want it to and doesn’t drown their enterprise. With the solutions already available, there are fewer excuses than ever for leaving your enterprise open to the elements.

You can find out much more about how Rockwell Automation can help with your industrial security.


Gert Thoonen
Posted October 31, 2016 By Gert Thoonen, PMP, CEH, CND | Business Development | Network & Security Services – ME, Rockwell Automation
  • Contact:

Blog

The Rockwell Automation Blog helps our employees and guest bloggers share technology and industry-related trends with you. Be sure to sign up for bimonthly updates with the latest posts.