ANSWERS
ICS CYBERSECURITY Max Wandera, Eaton
How cybersecurity is affecting control and automation Engineers working with industrial cybersecurity need to understand the increased risks as automation becomes interconnected. Build industrial systems that will operate securely throughout the lifecycle.
T
he Industrial Internet of Things (IIoT), connected devices and the vast amounts of generated data create industrial opportunities, but it also increases cybersecurity risks. This shift challenges engineers to follow robust cybersecurity practices to design and build systems that will operate securely throughout the lifecycle. A discussion with Max Wandera, the director of Eaton’s Product Cybersecurity Center of Excellence, provided best practices for control engineers working on industrial cybersecurity.
What are the biggest cybersecurity challenges facing the control and automation industries?
Key trends impacting cybersecurity are increasing digitalization and the current lack of global, universally accepted standards for cybersecurity. Creating trusted environments is a must, and I believe cybersecurity is a must-have for product development, much like safety and quality. Cybersecurity threats must be taken seriously and met proactively with a system-wide defensive approach. Analysts at Grand View Research Inc. estimate nearly $950 billion will be spent on the deployment of IIoT solutions globally by 2025. As organizations expand their digital footprint, it is imperative to protect the availability, integrity and confidentiality of connected systems. Creating cybersecure environments is complicated without a global conformance assessment. Today, countries throughout the world develop their own requirements. This conformity gap makes it difficult for manufacturers to determine the standards to which they should build and comply, particularly as products are manufactured and sold around the world. Further, control systems and electrical infrastructure typically consist of technologies from different suppliers. Where should the element of trust begin and end if there is no global conformity assessment scheme to ensure integrated components lack vulnerabilities?
www.controleng.com
Having a common set of verified product requirements at a global level, is an important starting point. On cybersecurity, Eaton has worked with UL, the International Technical Commission (IEC), the International Society of Automation (ISA) Global Cybersecurity Alliance and other partners inside and outside of the electrical industry to drive development of a global conformance assessment for power management technologies.
How can engineers ensure critical systems and processes are built on a secure foundation?
Security of a network or system is only as strong as its weakest link. Engineers need to make sure they are applying secure-by-design principles throughout their development lifecycle. They need to make sure they have the right training, technology and process in place to drive cybersecurity requirements throughout the product lifecycle.
M More ANSWERS
Which cybersecurity codes and standards are important for engineers?
There are process, product and lab certifications, and achieving accreditations is essential to building trusted environments. The IEC adopted the 62443 series of standards, which is a framework to address the cybersecurity of industrial control systems (ICSs). These standards provide requirements for all of the principal roles across the system lifecycle – from product design and development through integration, installation, operation and support. IEC also added 624434-2 to improve the security of products. UL also created its 2900 Standard for Software Cybersecurity for NetworkConnectable Products (UL 2900). These guidelines include processes to test
KEYWORDS: Industrial cybersecurity, industrial automation Cybersecurity global standards from IEC, ISA Global Cybersecurity Alliance and UL help lower risk Cybersecurity education and training CONSIDER THIS What have you done lately to lower cybersecurity risk?
ONLINE If reading from the digital edition, click on the headline for more resources. www.controleng.com/magazine www.controleng.com/ networking-and-security/ cybersecurity/ www.controleng.com/webcasts/ cybersecurity-what-you-needto-know/
control engineering
February 2021
•
29
