Industryweek 36476 Cybersecurity 6

SLC 2019: Taking the Risk Out of Your Security Management

Nov. 12, 2019
“Companies must understand that safety and security are no longer separate issues,” says Steve Ludwig of Rockwell Automation.

As companies are digitally transforming their operations and increasing connectivity, they are also increasing their risks, explained Steve Ludwig, Safety Program Manager for Rockwell Automation at  EHS Today’s Safety Leadership Conference.

“Does your company view security risks as safety risks?” Ludwig asked the audience during this session.  “When you talk about cybersecurity there is a belief that you are talking about information, but we are also talking about risk to workers, assets, the environment and a company’s reputation.”

To make his point Ludwig gave a number of examples. There was the German steel mill whose system was manipulated and resulted in massage damage when it was unable to shut down. And at a water treatment plant in Australia, radio commands were sent to sewage equipment causing 800,000 liters of raw sewage to spill into local parks and rivers which killed marine life.

How does this happen? Whatever entity is trying to enter a company's system to cause harm must often must go through the safety system to get in the process system. And this is easier now than in the past since IT and OT are more connected. These functions must now be open in order to achieve the connectivity goals of the Internet of Things or the Industrial Internet of  Things. While being able to access information from operations is essential to secure the data needed to perform the higher analytic function that provides the benefit of IoT, there is also a risk.

Who are the people behind these cyberattacks?

At the top of the list are insiders. Sometimes it’s disgruntled workers and sometimes it’s just errors. Then there are cybercriminals, hacktivists, terrorists and even nation-states.

No matter who is causing these threats there are things that companies can do starting with properly assessing the risks.  Ludwig offered some ways that companies can protect themselves:

Asset Management: know your assets and their potential risks

Authentication Authorization Accounting: know your users

Implement patch management policies and procedures

Computer and mobile endpoint protection

Disaster recovery (Backup and restore)

Raising awareness to personnel

Basic network security tasks

“Companies must understand that safety and security are no longer separate issues,” says Ludwig. “ The solution is to have a risk management approach and collaborate across all functions of the company.”

Popular Sponsored Recommendations

Process Mining For Dummies

Nov. 19, 2023
Here it is. Everything you need to know about process mining in a single book, written in the easy-to-understand, hard-to-forget style that ‘For Dummies’ manages so effortlessly...

Digitally Transforming Data and Processes With Product Lifecycle Management

Oct. 29, 2023
Manufacturers face increasing challenges in product development as they strive to consistently deliver improved results. Discover how industry leaders are improving time-to-market...

Why DataOps may be the key to unlocking the full potential of digital transformation

Nov. 3, 2023
Read the 2023 market survey conducted by IndustryWeek

Gain a competitive edge with real-world lessons on private 5G networks

Nov. 16, 2023
The use of private networks in manufacturing applications is rapidly growing. In this paper, we present valuable insights and lessons learned from the field with the goal of enhancing...

Voice your opinion!

To join the conversation, and become an exclusive member of IndustryWeek, create an account today!