InTech

MAR-APR 2019

Issue link: http://intechdigitalxp.isa.org/i/1099885

Contents of this Issue

Navigation

Page 14 of 59

INTECH MARCH/APRIL 2019 15 COVER STORY tioned in the cloud discussion, the in- tegrity of the data is paramount. The convergence of data availability via an increase in sensor technology, our ability to move that data, and now the compute resource made available to act upon that data have reached a point where ML/AI are viable. Securing the acquisition at the lowest levels and ensuring the integrity of that data is es- sential to using it securely. Edwards: Access to powerful com- puting platforms is a big win for ad- vanced control. The industry will continue to see unique optimiza - tion opportunities that we could only dream of before. Having that much data in one place for the algorithms to eat for breakfast, though? That could pose a challenge from an intellectual property perspective, so I think even these applications have to be thought - ful from a security perspective or you might get into trouble. Collaboration Cybersecurity is big and getting bigger, and the level of complexity is rising. One way to overcome the complex- ity of securing disparate systems from multiple vendors is to join together and collaboratively share knowledge. This is one of the primary ways we as an in dustry can grow to be more effective. Kling: Taking on new and increas- ingly dangerous cyberthreats can't be limited to a single company, industry, or region. That's why everyone associated with industrial manufacturing—sup- pliers, end users, third-party provid- ers, integrators, standards bodies, and even government agencies—must come to gether. We need to collaboratively de- velop new ways of ensuring legacy and emerging technologies alike can with - stand sophisticated cyberattacks. On the whole, our industry is gener- ally pretty conservative, but we have to change that culture when it comes to cybersecurity. The most effective way to do this is to encourage a collaborative, three-pronged approach that focuses on people, processes, and technology. First, we have to work together to make sure everyone—everywhere— knows they are responsible for cyberse- curity. This includes ensuring everyone is trained, with defined, clearly under- stood roles, responsibilities, and pro- cedures to prevent, mitigate and, most importantly, respond to cyberattacks. Second, we have to work together to establish best processes, practices, and policies, especially as it relates to per - forming regular risk and threat assess- ments and gap analyses. That approach is proven to identify holes in our sys - tems and our overall security posture. Additionally, there is an opportunity for industry to work together to help end users contain, mitigate, and even pre - vent the spread of any virus and mal- ware via network segmentation, the ap- plication of zones and conduits, and the establishment of other processes. This includes strengthening an industrywide commitment to adhering to best prac - tices, especially a drive to remain com- pliant with prevailing, most-current in- dustry standards, like IEC 62443. Third, we need to find ways for sup- pliers to work together to strengthen their products with today's threats in mind. Keep in mind that end users are frequently using a mix of systems from various vendors and vintages. Can we collaborate and evolve our technology to help them address cybersecurity issues in their frequently complex op- erating environments? The answer is yes, but it requires a cultural shift and a strong commitment from industry leaders. It really is time for industry as a whole to step up. By collaborating openly and transparently, we increase our collec- tive ability to protect the world's most critical operations and the people and communities we all jointly serve. Let's get it done. Edwards: This is an area that can really help advance cybersecurity. We are all in this together, and cybersecurity should not be a competitive differentiator be - tween vendors. If we could truly come together as an industry and share the in - formation about threats and attacks with each other in an open yet safe environ - ment, then I think we could all advance our capabilities to defend against these things. This is sort of a hot button for me, coming from my ICS-CERT background. I am optimistic that we will follow some of the trends of other industries, such as the financial services industry, where this type of information sharing is very well accepted and functions with a very high level of success. n Author's note Thank you to Andy Kling and Marty Edwards for sharing their knowledge and thoughts on industrial cybersecu- rity. The International Society of Auto- mation has a wide range of industrial cybersecurity training resources (see www.isa.org). ABOUT THE AUTHOR Bill Lydon (blydon@isa.org) is InTech's chief editor. ABOUT THE EXPERTS Andy Kling, CSSLP, is industry automa- tion product security officer and se- nior director of system architecture at Schneider Electric. He has more than thirty years of software development experience in multiple industries. Kling has ushered the company's process au- tomation development organization to compliance with IEC 62443 standards at the process, product, and system lev- els. Kling is a participating senior mem- ber of ISA, primarily contributing to the ISA/IEC 62443 cybersecurity standards. Marty Edwards (medwards@isa.org) is director of strategic initiatives at ISA and managing director of the Automation Federation. He was previously director of the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), an operational division of the National Cybersecurity and Communications Inte- gration Center. View the online version at www.isa.org/intech/20190401. RESOURCE "Number of Connected IoT Devices Will Surge" https://technology.ihs.com/596542/number- of-connected-iot-devices-will-surge-to- 125-billion-by-2030-ihs-markit-says

Articles in this issue

Links on this page

Archives of this issue

view archives of InTech - MAR-APR 2019