• Magazine Subscription
  • ENewsletters
  • EHS Education
  • Safety Leadership Conference
  • America's Safest Companies
  • Podcasts
    • Ehstoday 10767 Cybersecurity 7
    1. Safety Leadership Conference

    SLC 2019: Taking the Risk Out of Your Security Management

    Nov. 12, 2019
    “Companies must understand that safety and security yare no longer separate issues,” says Steve Ludwig, Safety Program Manager for Rockwell Automation

    As companies are digitally transforming their operations and increasing connectivity, they are also increasing their risks, explained Steve Ludwig, Safety Program Manager for Rockwell Automation at  EHS Today’s Safety Leadership Conference.

    “Does your company view security risks as safety risks?” Ludwig asked the audience during this session. “When you talk about cybersecurity there is a belief that you are talking about information, but we are also talking about risk to workers, assets, the environment and a company’s reputation.”

    To make his point Ludwig gave a few examples. A German steel mill whose system was manipulated and resulted in massage damage when it was unable to shut down. And at a water treatment plant in Australia, radio commands were sent to sewage equipment causing 800,000 liters of raw sewage to spill into local parks and rivers which killed marine life.

    How does this happen?  IT and OT are now connected. While being able to access information from operations is essential to secure the data needed to perform the higher analytic function that provides the benefit of Iot and IIot, there is also a higher risk. Often hackers are now getting into the safety systems in order to get into the process systems. 

    Who are the people behind these cyberattacks?

    At the top of the list are insiders. Sometimes it’s disgruntled workers and sometimes it’s just worker errors. Then there are cybercriminals, hacktivists, terrorists and even nation-states.

    No matter who is trying to enter a company's network, there are ways that company's can protect themselves. Ludwig offered some fundamentals of cybersecurity that companies should follow.

    Asset Management: know your assets and their potential risks

    Authentication Authorization Accounting: know your users

    Implement patch management policies and procedures

    Computer and mobile endpoint protection

    Disaster recovery (Backup and restore)

    Raising awareness to personnel

    Basic network security tasks

    “Companies must understand that safety and security are no longer separate issues,” says Ludwig. “ The solution is to have a risk management approach and collaborate across all functions of the company.”

    Continue Reading

    Sponsored Recommendations

    ISO 45001: Occupational Health and Safety Management Systems (OHSMS)

    March 28, 2024
    ISO 45001 certification – reduce your organizational risk and promote occupational health and safety (OHS) by working with SGS to achieve certification or migrate to the new standard...

    Want to Verify your GHG Emissions Inventory?

    March 28, 2024
    With the increased focus on climate change, measuring your organization’s carbon footprint is an important first action step. Our Green House Gas (GHG) verification services provide...

    Download Free ESG White Paper

    March 28, 2024
    The Rise and Challenges of ESG – Your Journey to Enhanced Sustainability, Brand and Investor Potential

    Free Webinar: Mining & ESG: The Sustainability Mandate

    March 28, 2024
    Participants in this webinar will understand the business drivers and challenges of ESG and sustainability performance, the 5 steps of the ESG and sustainability cycle, and prioritized...

    Voice your opinion!

    To join the conversation, and become an exclusive member of EHS Today, create an account today!