Industryweek 33142 Link Leadership Team T 770 0
Industryweek 33142 Link Leadership Team T 770 0
Industryweek 33142 Link Leadership Team T 770 0
Industryweek 33142 Link Leadership Team T 770 0
Industryweek 33142 Link Leadership Team T 770 0

SLC 2018: Safety Leaders Should Be at the Cybersecurity Table

Nov. 13, 2018
Safety-related security breaches are real, and they must be a part of the IT conversation.

Safety and cybersecurity are interconnected in the manufacturing environment Security breaches can trip systems that stop machinery or alert operators in the event of a problem, damaging equipment, placing people at risk—even causing environmental calamities.

Yet at many manufacturers, the safety and information technology teams do not effectively collaborate. “If you discover a vulnerability in IT, you patch it and move on,” says Steve Ludwig, safety programs manager for Rockwell Automation, speaking at the 2018 Safety Leadership Conference in Louisville, Kentucky, last week. “On the [operations technology] side, that’s not the case. We need more education in the engineering community about OT risks.”

Safety-related security breaches can occur when:

Employees or contractors inadvertently plug an infected machine into the system; connect to an unsecure network; or download the wrong program.

  • Disgruntled current or former employees, knowing the ins and outs of a system, break in and cause damage.
  • Hackers break into an operations system for financial, competitive, or political reasons.
  • State-sponsored spies target critical infrastructure and production systems to disrupt operations or steal secrets.
  • Cybercriminals seek to disrupt, infect or shut down critical infrastructure, from nuclear plants to water supplies and oil refineries.

EHS, operations and IT teams should work together to identify safety data requirements for operations systems and develop a risk-management strategy for security threats and vulnerabilities, as well as their potential implications on safety.  It’s up to leadership to advocate for this collaboration and make sure employees companywide understand its importance, said Ludwig.

Basic cybersecurity hygiene involves knowing your assets and their potential risks,. “Very few plants have a complete list of all of their PLCs” where they came from and how long they’ve been in operation, said Ludwig. “The focus has always been on productivity and maintaining that uptime.”

A safety assessment looks at not only standard operator functions but all human-machine interactions, including machine setup, maintenance, cleaning and sanitation, as well as training and administrative requirements. In addition, companies should expand their traditional scope of this assessment and look at potential cyberattack risk.

“With safety assessment, you’re going through the steps—what is the normal operation of that machine?” said Ludwig. “How long will that machine be safe?” With a connected enterprise, you can get information on the safety front like how often a door is opened or shut on a machine.

Ludwig asked the audience if safety was being called upon to address security at their companies, to a mixed response. One audience member commented that his plant was not addressing cybersecurity in its safety contingency plan, though there had been talk of more collaboration between IT and OT. Other safety leaders remarked that they were, intentionally or unintentionally, sometimes left out of leadership meetings about cybersecurity.

Popular Sponsored Recommendations

Empowering the Modern Workforce: The Power of Connected Worker Technologies

March 1, 2024
Explore real-world strategies to boost worker safety, collaboration, training, and productivity in manufacturing. Emphasizing Industry 4.0, we'll discuss digitalization and automation...

3 Best Practices to Create a Product-Centric Competitive Advantage with PRO.FILE PLM

Jan. 25, 2024
Gain insight on best practices and strategies you need to accelerate engineering change management and reduce time to market. Register now for your opportunity to accelerate your...

Transformative Capabilities for XaaS Models in Manufacturing

Feb. 14, 2024
The manufacturing sector is undergoing a pivotal shift toward "servitization," or enhancing product offerings with services and embracing a subscription model. This transition...

Shifting Your Business from Products to Service-Based Business Models: Generating Predictable Revenues

Oct. 27, 2023
Executive summary on a recent IndustryWeek-hosted webinar sponsored by SAP

Voice your opinion!

To join the conversation, and become an exclusive member of IndustryWeek, create an account today!