Safety and cybersecurity are interconnected in the manufacturing environment. Security breaches can trip systems that stop machinery or alert operators in the event of a problem, damaging equipment, placing people at risk—even causing environmental calamities.
Yet at many manufacturers, safety and information technology teams do not effectively collaborate.
“If you discover a vulnerability in IT, you patch it and move on,” said Steve Ludwig, safety programs manager for Rockwell Automation. “On the [operations technology] side, that’s not the case. We need more education in the engineering community about OT risks.”
Safety-related security breaches can occur when:
Employees or contractors inadvertently plug an infected machine into the system; connect to an unsecure network; or download the wrong program.
Disgruntled current or former employees, knowing the ins and outs of a system, break in and cause damage.
Hackers break into an operations system for financial, competitive, or political reasons.
State-sponsored spies target critical infrastructure and production systems to disrupt operations or steal secrets.
Cybercriminals seek to disrupt, infect or shut down critical infrastructure, from nuclear plants to water supplies and oil refineries.
EHS, operations and IT teams should work together to identify safety data requirements for operations systems and develop a risk-management strategy for security threats and vulnerabilities, as well as their potential implications on safety.
A safety assessment looks at not only standard operator functions but all human-machine interactions, including machine setup, maintenance, cleaning and sanitation, as well as training and administrative requirements. In addition, companies should expand their traditional scope of this assessment and look at potential cyberattack risk.
- Laura Putre