Our 4 Monthly Magazines

TRENDING NOW

The only Fire Safety Security Dedicated Publication House publishing 4 monthly magazines on Fire & Safety, Occupational Workmen Safety and Industrial Safety, Security and Surveillance including Cyber Security Since 1998

Our Clients

HomeArticle/ FeaturesIt's not just about the Data

It’s not just about the Data

While the list of potential security threats that could have safety implications is vast, there are a few key steps every organization can take to help identify and mitigate risks.

Industrial operators building their IoT security strategy need to think beyond protecting data and uptime. Within the plant, security also is about protecting employees and equipment. Beyond the plant, there is a responsibility to safeguard the environment, as well as critical infrastructures and supplies on which people depend.

The potential effects that security breaches can have on safety may not be top of mind, but the consequences can be among the most extreme.

Imagine if a machine safety system was the target of a successful cyberattack. It might not know to slow down or stop if it reached dangerous conditions. In other words, the very protections that safety systems are designed to provide, might be lost.

The potential impact of such an attack could lead to an employee being injured or subject an entire facility to widespread safety risks, such as fires, leaks or explosions. The risks are exacerbated in facilities that handle volatile materials, such as oil and gas processing and inherently hazardous operations like mines.

Safety-related risks also can extend beyond company-owned facilities. A cyberattacker who targets a food or pharmaceutical operation with the intention of contaminating products, for example, could threaten consumer safety. On an even larger scale, a security attack on a critical infrastructure, such as energy or water-processing facilities, could affect the well-being and safety of millions of people. Concerningly, such facilities experienced a 20 percent increase in cyberincidents in 2015.

While the list of potential security threats that could have safety implications is vast, there are a few key steps every organization can take to help identify and mitigate risks.

Bringing Together Safety and Security

While traditionally viewed as separate priorities, industrial operations should think of security and safety as integrated, and with many shared goals and techniques.

Culturally, companies should place the same emphasis on protecting safety systems as they do on protecting data and other assets. This can stem from increased collaboration between teams – especially EHS, IT and operations – as well as a deep understanding of how security and safety impact one another.

Companies also should work to meet security requirements outlined in relevant safety standards. Several IEC standards outline how to help address safety risks that may stem from security issues. Section 7.4 of IEC 61508, for example, recommends conducting an analysis on any unauthorized action that could constitute a security threat.

IEC 61511 provides clearer guidance. It says security risk assessments are required for safety instrumented systems, and that their design must provide necessary precautions against any risks identified in an assessment.

There also are an increasing number of safety technologies with built-in security features. These can help protect against safety system breaches and assist with recovery if a breach occurs.

Set the Baseline With Risk Assessments

Addressing safety through security starts with conducting separate safety and security risk assessments.

A safety risk assessment analyzes compliance with safety standards (including the two mentioned above). It should take into account every activity that involves human-machine interactions, including setup, cleaning, maintenance and daily operations. It also should be expanded to analyze safety risks from cybersecurity threats.

A security risk assessment takes a holistic view of software, networks, control systems, policies and procedures, as well as employee behaviors.

While the two assessments should be independently conducted, they can work toward the same end goal: managing risk at the company level when it comes to protecting internal and external groups.

Enhancing Safety Through Security

Once assessments are completed, manufacturers should examine how security impacts safety and how to address their unique set of risks. Some key measures that can be effective in almost any organization include the following:

  • Segmentation as part of a defense-in-depth strategy can help limit access to safety systems. Firewalls, VLANs and switches all can help securely segment networks and establish smaller zones of trust and simplify policy enforcement.
  • Asset-management software can be used to track and manage changes across a facility, including safety systems. It will detect deviations from regular operations and alert operators of problems.
  • Authentication and authorization security can limit who can access software, what they can see and do, and from where they can perform actions.
  • Physical security measures can include access control, device locks and video surveillance.
  • CIP Safety and CIP Security can help safeguard data and mitigate attacks on safety systems. They are common industrial protocol (CIP) extensions that operate on EtherNet/IP networks. CIP Safety allows safety devices to coexist on the same network as standard devices, and enables a safe shutdown in the event of a denial-of-service attack. CIP Security incorporates data integrity and device authenticity into network communications.

In addition to these and other measures, companies should have processes and procedures in place to help them quickly respond to the release of safety and security advisories. This can be as simple as having guidelines in place to confirm the advisories are read, that the risk described is evaluated in the company’s context, and should also include patch-management procedures to help mitigate risks to any impacted devices.

A Holistic Approach to Intertwined Risks

When manufacturers understand how cybersecurity threats can impact the safety and wellbeing of their employees, facilities and the environment, they are better equipped to take a holistic approach that integrates security and safety considerations. A wealth of tools, technologies, services and educational resources are available to help manufacturers meet compliance requirements, conduct appropriate risk analyses, and mitigate both safety and security risks in connected operations.

Editor’s Note

A Milestone Year for Fire & Safety It is truly humbling to witness the phenomenal success of this year’s Fire India Expo. The event exceeded...

Fire India 2024: Shaping the Future Landscape of Fire & Safety

The highly anticipated Fire India 2024 Exhibition unfolded in grand style from September 26th to 28th at the prestigious Yasho Bhoomi, IICC, Dwarka, Delhi...

Related Article

Editor’s Note

A Milestone Year for Fire & Safety It is truly humbling to witness the phenomenal success of this year’s Fire India Expo. The event exceeded...

Fire India 2024: Shaping the Future Landscape of Fire & Safety

The highly anticipated Fire India 2024 Exhibition unfolded in grand style from September 26th to 28th at the prestigious Yasho Bhoomi, IICC, Dwarka, Delhi...

Prolite Autoglo Limited Wins “Best Emergency Lights for Safe Evacuation” Award at Kings Excellence Awards 2024

Prolite Autoglo Limited, a pioneering leader in fire safety and personal protective equipment, is proud to announce that it has been awarded the "Best...

Shah Bhogilal Jethalal & Bros Wins Kings Excellence Awards 2024 for “Best Fire Fighting Drone”

Shah Bhogilal Jethalal & Bros. (Brand Name AAAG), a pioneering leader in fire safety and personal protective equipment, is proud to announce that it...

Integral Safety Engineers Celebrates Recognition of Best Victim Location Search Camera at the Kings Excellence Awards 2024

Integral Safety Engineers proudly announces that they have been honored with the Best Victim Location Search Camera award at the prestigious Kings Excellence Awards...