NOV-DEC 2018

Issue link:

Contents of this Issue


Page 10 of 56

continue to harden their solutions with cybersecurity built di- rectly into the products. These are important, positive steps. But industry has a long way to go, and the focus must be on facilitating and increasing col- laboration among everyone associated with it. Industry collaboration When any attack or attempted attack happens, it is easy to point the finger at whoever is deemed re- sponsible or question what could have been done differently. This sort of examination, both internally and externally, is necessary so that we can learn les- sons and mitigate the risks of other attacks. But finger pointing does not get us very far. Cybersecurity in industry affects a wide variety of players, including plant asset owners, suppli - ers, designers, process engineers, plant operators, third-party providers, integrators, standards bod - ies, academia, and government agencies around the world. Suppliers regularly collaborate with their plant asset-owner clients and with standards bodies, and so forth. Too rarely, however, do com- petitors within the space—whether foreign gov- ernments, suppliers, end users, or integrators— pool best practices and provide guidance to (or seek it from) those vying for market share. When it comes to cybersecurity in mission- critical facilities, lives are at stake, as are massive operations. Fifteen years ago, the cyberthreats of today were unimaginable. The spirit of open and honest collaboration must thrive for us to best address cybersecurity in the decades ahead. Start with standards bodies One does not become an industrial cybersecu- rity expert overnight. Fortunately, experts do exist—starting with standards bodies that set detailed guardrails and best practices. Although regulation and legislation vary by country, cyberattacks are border agnostic. At- tacks—both attempted and successful—targeting a facility in any one country can have detrimen- tal consequences worldwide. Therefore, it makes sense to have in place international standards and agreements on cybersecurity best practices. This includes initiatives from ISA, includ - ing IEC 62443, a set of standards developed by the ISA99 and International Electrotechnical Commission (IEC) committees to improve the safety, availability, integrity, and confidential- ity of components or systems used in indus- trial automation and control. Adopted by many countries, these standards can be used across industrial control segments. There are also oth - ers, including ISO/IEC 27001, which provides requirements for an information security man- agement system (ISMS). These standards are not set in stone, either, but instead evolve to reflect a changing threatscape. They become stronger when the wide range of companies and organizations working within the industrial space share their experiences and insights, as well as actively participate in refining these standards. For end users, a strong security culture has its foundations in a close tracking of and adherence to evolving standards, protocols, and best practices. However, standards bodies are just one piece of a broader matrix of organizations that set FAST FORWARD l Cybersecurity involves actors at many levels—each with a role to play. l Better synergy between these actors is essential to combatting the risks inherent to today's hyperconnected landscape. l We must encourage transparency, open communication, and ongoing collaboration. Now is the time; our future depends on it. COVER STORY INTECH NOVEMBER/DECEMBER 2018 11

Articles in this issue

Archives of this issue

view archives of InTech - NOV-DEC 2018