- By Gary Williams
- The Final Say
Cybersecurity is no longer an emerging trend or fad. It is an increasingly essential aspect of every business function and operation. This is especially true in industry. There is increased demand for stronger cybersecurity and for initiatives such as the U.S. Cybersecurity and Infrastructure Security Agency Act, the European Union Network Information System Directive, and the GDPR. For industrial companies, that demand is amplified when legislation is coupled with mandatory requirements in standards like IEC 62443 and ISASecure.
New legislation and requirements to remain compliant with prevailing standards mean end users must invest in technology that can do more than help secure the operation. Today’s systems and solutions, especially in the age of the IIoT, can contribute additional operational value by increasing efficiency, reliability, and ultimately profitability. Obtaining and applying real-time data from connected assets, such as temperature, flow, pressure, and device status, to improve operations and business performance demonstrates the substantial value of connectivity.
But with such a wide variety of vendor systems and solutions controlling the operation, and because there is not a simple plug-and-play solution that covers every element of the operational technology (OT) environment, end users are fighting battles on multiple fronts: they must engage several vendors for solutions within their operations and connect and use those solutions to improve performance, all while keeping their operations safe and secure.
So, while adopting modern technology has many benefits, it has a downside too. Increasing connectivity expands the number of entry points for would-be attackers. Every new connection, no matter the medium, increases cyberrisk. In an OT environment, those risks can have potentially catastrophic consequences. In a cybersecurity breach, disaster can strike on several levels: interruption to production, damage to the environment, and even loss of life.
This means that as cyberthreats within the OT space increase, industry as a whole must collaborate more to future-proof all this connectivity. End users have to collaborate across their supply chains; providers need to collaborate with other providers. We must acknowledge that end users alone are not responsible for cybersecurity, nor can they face cyberthreats alone. Cybersecurity needs to be addressed by an array of stakeholders, including vendors, integrators, standards bodies, and governments.
Even though end users have to measure and mitigate risk, well-publicized, recent cyberattacks have shown that vendors need to work together to address ever-increasing threats. At a granular level, vendors are best equipped to measure the risk of connecting competing systems. If this risk is measured collaboratively by control systems and solutions vendors, it can be mitigated earlier in the supply chain rather than at the time of the FAT/SAT.
This collaboration must cross competitive barriers and unite the experts who develop standards and have the expertise to strengthen the cyber landscape, reflecting an understanding that cybersecurity goes beyond market share and the bottom line. Collaboration between vendors and other industry bodies will inevitably lead to a better understanding of how to reduce and mitigate cyberthreats, so vendors can ensure security is considered from concept to delivery. But the initiative cannot end there. It must also include IT systems and providers. For example, we must educate telecommunication and mobile device providers, so they too have a stake in helping secure the critical systems and mobile workforce that rely on communications infrastructure.
The financial argument for working together is compelling. Continual, better collaboration between and among end users and vendors, including IT and network providers, results in better, more secure business performance at the top and bottom line. Just think about this: In the GDPR-driven regulatory environment, a breach could result in fines of up to 4 percent of the global revenue or €20 million, whichever is higher. There is a simple, clear business case to be made for collaboration.
Continuously protecting every business function and operation from cyberattack has become a fact of life. That is not going to change. Therefore, it is time to think about new approaches that future-proof connectivity. All stakeholders must begin working openly together, not only to ensure end users become and remain compliant with legislation and standards, but so they can use all the great technology available to them to run a secure and profitable operation. If we are going to effectively leverage connectivity while continuously protecting our most critical operations from cyberthreats, we must unite to reexamine, develop, and reinforce best practices, policies, and procedures. The time is now.
We want to hear from you! Please send us your comments and questions about this topic to InTechmagazine@isa.org.