ANSWERS
CYBERSECURITY
Alexandre Peixoto and Rick Gorskie, Emerson
Assessing cybersecurity today to improve tomorrow’s manufacturing operations
Simple strategies to achieve the most value from cyber risk assessments. Three strategies for operations technology (OT) teams to avoid while performing assessments are highlighted.
Figure 1: Cybersecurity is an ongoing process, with constant updates required based on new solutions and improvements. All graphics courtesy: Emerson
Most process plant automation systems are engineered over a long period to ensure operations are repeatable, reliable, available and safe. However, increased connectivity to business systems has increased exposure of control systems to the internet. Organizations must now consider the cybersecurity implications so industrial automation and control systems remain secure and stable. A good starting point is a cybersecurity risk assessment to evaluate gaps in currently implemented strategies and technologies, and to provide a roadmap for identifying, prioritizing, and eliminating vulnerabilities. There are three common missteps operations technology (OT) teams should be aware of when performing or requesting assessments:
September 2020
control engineering
• Assuming their own team already knows and understands all the risks
• Pursuing “magic pill” solutions, and then not acting due to the considerable number of issues
• A lack of prioritization and limited funding.
Organizations that arm themselves against these potential roadblocks can reap the full benefits of a risk assessment. They can drive toward more cybersecure operations and provide the business justification that most security-oriented projects lack and asset owners struggle with.
1. Identifying unknown cybersecurity risks, solutions
Cybersecurity is an evolving arms race that may seem overwhelming to an OT team, or even some cyber-experienced information technology (IT) teams. Learning that anti-virus software and a firewall are no longer sufficient protection can be intimidating. A cyber risk assessment removes the need for an OT team to determine every potential cyber vulnerability in the plant. The assessment can help teams identify, document, prioritize and build a roadmap around the highest-threat vulnerabilities. This roadmap provides a guide for creating solutions to quickly provide sufficient security.
Once the assessment is complete, resources created and shared by expert partners can expand knowledge of cybersecurity tactics and techniques directly related to the leading vulnerabilities. Automation providers (as well as other technology providers) typically offer a wide variety of security manuals, secure architecture guidelines, cybersecu
www.controleng.com