Industrial Cybersecurity Pulse
  • SUBSCRIBE
  • Threats & Vulnerabilities
  • Strategies
  • IIoT & Cloud
  • Education
  • Networks
  • IT/OT
  • Facilities
  • Regulations
Industrial Cybersecurity Pulse
Subscribe
Industrial Cybersecurity Pulse
  • Threats & Vulnerabilities
  • Strategies
  • IIoT & Cloud
  • Education
  • Networks
  • IT/OT
  • Facilities
  • Regulations
  • IIoT & Cloud

How cybersecurity is affecting control and automation

  • Max Wandera
  • February 1, 2021
Eaton recommends managing cybersecurity risks through a Secure Development Lifecycle (SDL) with protocols in place for threat modeling, requirements analysis, implementation, verification and ongoing maintenance to manage risks throughout the product lifecycle.In October 2020, Eaton became the first company to have its product development processes certifiedby the IEC and UL. Eaton recently joined the International Society of Automation (ISA) Global CybersecurityAlliance as a founding member to advance advocacy for a global cybersecurity standard and industry collaboration. Courtesy: Eaton
Eaton recommends managing cybersecurity risks through a Secure Development Lifecycle (SDL) with protocols in place for threat modeling, requirements analysis, implementation, verification and ongoing maintenance to manage risks throughout the product lifecycle.In October 2020, Eaton became the first company to have its product development processes certifiedby the IEC and UL. Eaton recently joined the International Society of Automation (ISA) Global CybersecurityAlliance as a founding member to advance advocacy for a global cybersecurity standard and industry collaboration. Courtesy: Eaton
Total
0
Shares
0
0
0
0

Learning Objectives

  • Cybersecurity global standards from IEC, ISA Global Cybersecurity Alliance and UL help lower risk. 
  • Cybersecurity education and training. 

The Industrial Internet of Things (IIoT), connected devices and the vast amounts of generated data create industrial opportunities, but it also increases cybersecurity risks. This shift challenges engineers to follow robust cybersecurity practices to design and build systems that will operate securely throughout the lifecycle. Max Wandera, director of Eaton’s Product Cybersecurity Center of Excellence, provided best practices for control engineers working on industrial cybersecurity and discussed how cybersecurity is affecting control and automation.

What are the biggest cybersecurity challenges facing the control and automation industries?

Key trends impacting cybersecurity are increasing digitalization and the current lack of global, universally accepted standards for cybersecurity. Creating trusted environments is a must, and I believe cybersecurity is a must-have for product development, much like safety and quality. Cybersecurity threats must be taken seriously and met proactively with a system-wide defensive approach.

Analysts at Grand View Research Inc. estimate nearly $950 billion will be spent on the deployment of IIoT solutions globally by 2025. As organizations expand their digital footprint, it is imperative to protect the availability, integrity and confidentiality of connected systems.

Creating cybersecure environments is complicated without a global conformance assessment. Today, countries throughout the world develop their own requirements. This conformity gap makes it difficult for manufacturers to determine the standards to which they should build and comply, particularly as products are manufactured and sold around the world.

Further, control systems and electrical infrastructure typically consist of technologies from different suppliers. Where should the element of trust begin and end if there is no global conformity assessment scheme to ensure integrated components lack vulnerabilities?

Having a common set of verified product requirements at a global level, is an important starting point. On cybersecurity, Eaton has worked with UL, the International Technical Commission (IEC), the International Society of Automation (ISA) Global Cybersecurity Alliance and other partners inside and outside of the electrical industry to drive development of a global conformance assessment for power management technologies.

How can engineers ensure critical systems and processes are built on a secure foundation?

Security of a network or system is only as strong as its weakest link. Engineers need to make sure they are applying secure-by-design principles throughout their development lifecycle. They need to make sure they have the right training, technology and process in place to drive cybersecurity requirements throughout the product lifecycle.

Which cybersecurity codes and standards are important for engineers?

There are process, product and lab certifications, and achieving accreditations is essential to building trusted environments.

The IEC adopted the 62443 series of standards, which is a framework to address the cybersecurity of industrial control systems (ICSs). These standards provide requirements for all of the principal roles across the system lifecycle – from product design and development through integration, installation, operation and support. IEC also added 62443-4-2 to improve the security of products.

Eaton recommends managing cybersecurity risks through a Secure Development Lifecycle (SDL) with protocols in place for threat modeling, requirements analysis, implementation, verification and ongoing maintenance to manage risks throughout the product lifecycle.In October 2020, Eaton became the first company to have its product development processes certifiedby the IEC and UL. Eaton recently joined the International Society of Automation (ISA) Global CybersecurityAlliance as a founding member to advance advocacy for a global cybersecurity standard and industry collaboration. Courtesy: Eaton
Eaton recommends managing cybersecurity risks through a Secure Development Lifecycle (SDL) with protocols in place for threat modeling, requirements analysis, implementation, verification and ongoing maintenance to manage risks throughout the product lifecycle.In October 2020, Eaton became the first company to have its product development processes certified by the IEC and UL. Eaton recently joined the International Society of Automation (ISA) Global CybersecurityAlliance as a founding member to advance advocacy for a global cybersecurity standard and industry collaboration. Courtesy: Eaton

UL also created its 2900 Standard for Software Cybersecurity for Network-Connectable Products (UL 2900). These guidelines include processes to test devices for security vulnerabilities, software weaknesses and malware. This standard confirms the device manufacturer meets the guidelines for:

  • Risk management processes
  • Evaluation and testing for the presence of vulnerabilities, software weaknesses and malware
  • Requirements for security risk controls in the architecture and product design.

IEC and UL certification of product development processes mean that customers can be confident that products and solutions they buy from us meet the same level of standards recommended by two key standards organizations across the globe.

UL provides a data acceptance program for manufacturers, which certifies testing laboratories with the global capability to test products with intelligence or embedded logic to key aspects of its 2900 standard. Products tested in these specialized labs are compliant with the industry’s highest cybersecurity requirements before they’re installed in critical systems. We introduced the first research and testing facility approved to participate in UL’s Cybersecurity Client Lab Validation program in Pittsburgh and later added a second Eaton lab to join the program in Pune, India.

Beyond product certifications, I recommend engineers consult with manufacturers that embed security throughout the product development process, the secure development lifecycle (SDL). SDL was created in response to an increase in virus and malware outbreaks after year 2000. This approach to product development places cybersecurity front and center from inception to deployment and lifecycle maintenance. SDL can help manufacturers stay ahead of cybercriminals by managing cybersecurity risks throughout the lifecycle of a product or solution.

What is the importance unifying cybersecurity requirements for connected devices and systems?

A connected world needs trusted environments. Advancing digitalization while building trust ensures the highest level of defense against emerging cybersecurity threats.

As more industries deploy IIoT devices, the security and safety of systems providing essential operations become more important and more difficult to manage. These complexities are due, in part, to a lack of a global, universally accepted cybersecurity standard and conformance assessment scheme designed to validate connected products.

A multitude of different standards and regulations created by various organizations, countries and regional alliances across the globe. All of these standards and regulations address the urgent need to secure our connected world, however they also create the potential for confusion and possibility of weak links in critical infrastructure ecosystems.

The time to drive a singular conformance assessment is now, and we’re working with leaders across the industry to do just that.

The  International Society of Automation (ISA) Global Cybersecurity Alliance and its members advance advocacy for a global cybersecurity standard and industry collaboration.

How can engineers learn more about designing and maintaining securely connected systems?

Cybersecurity perspectives is a virtual global forum to help advance trusted digital environments. This online learning platform assembles experts, partners and customers from around the world to discuss hard-won lessons, best practices and industry standards to support a more secure tomorrow.

On-demand educational sessions include keynote insights from industry leaders and expert-led panel discussions on security trends.

Max Wandera is director, Product Cybersecurity Center of Excellence at Eaton.

KEYWORDS: Industrial cybersecurity, control and automation

CONSIDER THIS 

What have you done lately to lower cybersecurity risk?

ONLINE LINKS

Learn more about the product development processes certified by the IEC and UL.

Also, learn more about Eaton joining the ISA Global Cybersecurity alliance.

RELATED ARTICLES

Building automation, oil and gas facilities are top cybersecurity targets
https://www.industrialcybersecuritypulse.com/building-automation-oil-and-gas-facilities-are-top-cybersecurity-targets/

Improving cybersecurity in robotic automation
https://www.industrialcybersecuritypulse.com/improving-cybersecurity-in-robotic-automation/

Max Wandera
Max Wandera

Max Wandera is director, Product Cybersecurity Center of Excellence at Eaton.

Related Topics
  • CFE Content
  • Featured
Previous Article
Cybersecurity Locks
  • IIoT & Cloud

Securing the IoT by design

  • Joe Lomako
  • January 7, 2021
Read More
Next Article
Courtesy: SAP
  • IIoT & Cloud

Five digital transformation trends in manufacturing for 2021

  • Julia Quintel and Johannes Papst
  • March 8, 2021
Read More
You May Also Like
Smartphone apps may connect to vulnerable cloud servers
Read More
  • IIoT & Cloud

Smartphone apps may connect to vulnerable cloud servers

  • John Toon
  • April 8, 2021
Courtesy: SAP
Read More
  • IIoT & Cloud

Five digital transformation trends in manufacturing for 2021

  • Julia Quintel and Johannes Papst
  • March 8, 2021
Cybersecurity Locks
Read More
  • IIoT & Cloud

Securing the IoT by design

  • Joe Lomako
  • January 7, 2021
Read More
  • IIoT & Cloud

Internet of vulnerable things: New industrial attack vectors

  • Michael Rothschild
  • August 30, 2020
IT/OT
Read More
  • IIoT & Cloud

New ways to attack Industry 4.0

  • Gregory Hale
  • June 9, 2020
Read More
  • IIoT & Cloud

How to manage IoT cybersecurity

  • Gregory Hale
  • September 10, 2019
Read More
  • IIoT & Cloud

Ensuring IIoT cybersecurity best practices

  • Gregory Hale
  • September 6, 2019
Protecting the production line in the Industrie 4.0, IIoT age
Read More
  • IIoT & Cloud

Protecting the production line in the Industrie 4.0, IIoT age

  • Anne Klebsch
  • April 25, 2019
NEWSLETTER

GET ON THE BEAT

Keep your finger on the pulse of top industry news

COUNT ME IN!
Hacks & Attacks
  • Throwback Attack: A Florida teen hacks the Department of Defense and NASA

    By Gary Cohen | April 8, 2021

  • U.S. cybercrime surging, annual losses hit $4.2 billion in 2020

    By StockApps | April 2, 2021

  • Throwback Attack: Hackers steal 1 TB of data from beverage giant Brown-Forman

    By Gary Cohen | April 1, 2021

  • Molson Coors cyberattack impacts production, shipments

    By Gary Cohen | April 1, 2021

  • Evaluating 2021 cyber threat landscape trends

    By Derek Manky and Aamir Lakhani | March 26, 2021

EDUCATION BEAT

Introduction to Cybersecurity within Cyber-Physical Systems

Cyber-physical systems serve as the foundation and the invention base of the modern society making them critical to both government and business.

REGISTER NOW!
Recent News
  • Smartphone apps may connect to vulnerable cloud servers

    By John Toon | April 8, 2021

  • Five digital transformation trends in manufacturing for 2021

    By Julia Quintel and Johannes Papst | March 8, 2021

  • Securing the IoT by design

    By Joe Lomako | January 7, 2021

  • Internet of vulnerable things: New industrial attack vectors

    By Michael Rothschild | August 30, 2020

Resources
  • The International Society of Automation

  • Cybersecurity & Infrastructure Security Agency (CISA)

  • NIST: Guide to Industrial Control Systems Cybersecurity

  • Video: Cybersecurity for Energy Managers

  • Helpful links and Resources

Industrial Cybersecurity Pulse
  • Contact
  • Privacy Policy
  • Terms and Conditions
CFE Med Tech

Copyright 2021

BETA

Version 1.0

Connect With Us!
Facebook
Twitter
LinkedIn
Reddit

Input your search keywords and press Enter.

By using this website, you agree to our use of cookies. This may include personalization of content and ads, and traffic analytics. Review our Privacy Policy for more information. ACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.

SAVE & ACCEPT