Proper cyber hygiene, design, assessments and execution help you benefit from a Connected Enterprise without compromising productivity or profitability.
By Megan Samford, director, Product Security, Rockwell Automation
It’s no surprise to tell you that smart manufacturing is here. Smart devices combine to enable a Connected Enterprise that gathers production data and puts it in context to provide you with insights to help you increase throughput and efficiency, decrease costs, make smart and timely decisions, improve safety and meet customer expectations.
This need for immediate insights to create value is what’s driving companies to invest in:
- Smarter devices that detect when they need maintenance before they fail
- Integrated control systems that analyze the current state of operation and optimize productivity and safety
- Connectivity throughout the supply chain to coordinate activities.
Digital transformation is not a case of being “in” or “out.” It’s an evolution, not a revolution — a journey rather than a destination.
It’s estimated that about 20% of companies have made a deliberate decision to pursue digital transformation; the others are moving less deliberately, with less planning, whether intentionally or not.
Safety and Security Go Together
The inevitable modernization of equipment brings new devices and connectivity, and along with the benefits of those devices and machinery come new risks.
As machines are modernized, connected devices replace obsolete ones. As machinery is replaced, the builders might have connectivity to the machines on your plant floor to remotely analyze performance and make adjustments and repairs less expensively.
No matter where you are on the digital transformation journey, you should be managing security and safety risks in any case. In particular, managing the inherent risks should be planned for as an integral part of the process.
Safety and security risks are inherently linked in this new age. Increasingly, hackers target industrial control systems (ICSs) to cause disruption or damage to physical product or assets, or to steal intellectual property. ICS attacks have increased dramatically in recent years.
In recognition of this new dynamic, even security and safety standards are using similar language and referencing the risks each poses to the other. This is because a security breach that effects physical assets can easily damage equipment, workers or the environment.
Basic Steps for Security
Security planning begins with implementing basic security or cyber hygiene. These aren’t all easy to manage, but are ultimately important to maintaining security. This includes an inventory of assets, hardware and software on the company network, control of software updates and installations, password management and limiting privileges, and personnel training to identify phishing efforts.
It also includes:
- Using equipment designed with security in mind.
- Identifying vulnerabilities.
- Patch management.
- Maintaining back-ups.
- Network design and segmentation.
- Upgrading aging infrastructure.
Many of these practices have long been in place in the IT world, but rarely seen in the operations technology (OT) world. While most enterprises have a list of IT assets, far fewer have a comprehensive list of controllers and software revision levels, or a program to keep them updated during planned maintenance.
In general, engineering needs to collaborate with IT in maintaining good cyber hygiene practices throughout the enterprise, including ICS.
Questions for Mitigation
As equipment is modernized or purchased, both safety and security risks should be assessed and appropriately mitigated. If the machine builder requires access to the machine, how will that access be limited? How will you confirm that the machine cannot be manipulated without placing workers in an unsafe condition? How will you protect intellectual property?
Proper cyber hygiene, design, assessments and implementation help ensure that you achieve the benefits of a Connected Enterprise without compromising productivity, profitability or reputation.
Learn about Rockwell Automation industrial security solutions.
The Journal From Rockwell Automation and Our PartnerNetwork™ is published by Putman Media, Inc.