The Connected Enterprise offers tremendous value to industry. Smart manufacturing provides industry with the contextualized information and insights to increase throughput and efficiency, decrease costs, make smart and timely decisions, improve safety and meet customer expectations.
The necessity for immediate insights to create value is driving best-in-class companies to invest in smarter devices that detect when they need maintenance before they fail, integrated control systems that analyze the current state of operation and optimize productivity and safety, and connectivity throughout the supply chain to coordinate activities.
Digital transformation is not a case of being “in” or “out.” It’s an evolution, not a revolution - a journey rather than a destination. Some companies – about 20% – have made a deliberate decision to pursue digital transformation. The rest are moving less deliberately, with less planning, whether intentionally or not.
The inevitable modernization of equipment brings new devices and connectivity, and with those devices and machinery come new risks. As machines are modernized, connected devices replace obsolete ones. As machinery is replaced, the builders may have connectivity to the machines on your plant floor to remotely analyze performance and make adjustments and repairs less expensively.
Companies should be managing security and safety risks in any case. In particular, if a company is on the digital transformation journey, managing the inherent risks should be planned for as an integral part of the process.
Safety and security risks are inherently linked in this new age. Increasingly, hackers target industrial control systems (ICS) to cause disruption or damage to physical product or assets, or to steal intellectual property. ICS attacks have increased dramatically in recent years.
In recognition of this new dynamic, security and safety standards are using similar language and referencing the risks each poses to the other. A security breach that effects physical assets can easily damage equipment, workers, and/or the environment.
Security planning begins with implementing basic security or cyber hygiene. These aren’t all easy to manage, but are ultimately important to maintaining security. This includes an inventory of assets, hardware and software on the company network, control of software updates and installations, password management and limiting privileges, and personnel training to identify phishing efforts.
It includes using equipment designed with security in mind, identification of vulnerabilities, patch management, and maintaining back-ups. It also includes network design and segmentation, and upgrading aging infrastructure.
Many of these practices have long been in place in the IT world, but rarely seen in the OT world. While most enterprises have a list of IT assets, far fewer have a comprehensive list of controllers and software revision levels, or a program to keep them updated during planned maintenance. In general, engineering needs to collaborate with IT in maintaining good cyber hygiene practices throughout the enterprise, including ICS.
As equipment is modernized or purchased, both safety and security risks should be assessed and appropriately mitigated. If the machine builder requires access to the machine, how will that access be limited? How will you confirm that the machine cannot be manipulated without placing workers in an unsafe condition? How will you protect intellectual property?
Proper cyber hygiene, design, assessments, and implementation help ensure that you achieve the benefits of a Connected Enterprise without compromising productivity, profitability, or reputation.
Contact your Rockwell Automation cybersecurity and safety experts to help with the development of your enterprise risk management plans and strategies.