ISA Interchange

Welcome to the official blog of the International Society of Automation (ISA).

This blog covers numerous topics on industrial automation such as operations & management, continuous & batch processing, connectivity, manufacturing & machine control, and Industry 4.0.

The material and information contained on this website is for general information purposes only. ISA blog posts may be authored by ISA staff and guest authors from the automation community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

All Posts

Why Industrial Cybersecurity Needs to Start at the Top and Be Embraced by All

Cybersecurity should be a top-of-mind issue with automation professionals and people throughout their companies. Information technology systems are not the sole targets of cyberattack. Operational technology systems, including supervisory control and data acquisition systems, programmable logic controllers (PLCs), robotics, factory automation, distributed control systems (DCSs), and other manufacturing systems are also at risk for cybersecurity attacks.

The consequences of cyberattacks on automation systems can be far more serious than financial loss, including physical damage. Certainly, the source of threats can be part of the discussion, but more importantly, cybersecurity is an inside job. The only thing companies can control is developing, fortifying, and continually improving cybersecurity protection and programs inside the organization. This can include contracted outside resources as part of an overall cybersecurity protection development strategy, but at the end of the day, the primary responsibility rests on the shoulders of the manufacturing organization. Cybersecurity includes a range of hardware and software and the development of a cybersecurity-conscious culture inside the company.

There are similarities and important differences between plant safety and cybersecurity. Plant safety needs to be redefined as equipment and manufacturing processes are added and modified. Cybersecurity, however, requires an ongoing effort, since cybersecurity threats change at a much higher rate than production systems and equipment. Some of the same planning process safety principles apply, and both require an ongoing process of continual review, awareness, and updates.

Cybersecurity needs to start at the top and be embraced by everyone. A successful culture is developed by personnel seeing meaningful action to protect systems and information. Without building the culture, it is easy for people to take shortcuts around cybersecurity methods and procedures for expediency to solve production issues. Achieving a cybersecurity culture where everyone understands the value of the program is the goal.

Because cybersecurity threats can directly affect the manufacturing company's operations, the people on staff need to understand the technologies and processes for protection. This is the case even if the majority of cybersecurity protection is going to be outsourced. This really is not any different from doing an automation project using an in-house project manager and outside contracted resources. In either case, personnel need to become knowledgeable.

An excellent source for training is ISA, which offers a set of industrial cybersecurity certificate programs and aligned training courses in the market covering the complete life cycle of industrial automation and control system (IACS) assessment, design, implementation, operations, and maintenance. Each certificate program and training course is based on ISA/IEC 62443, the world's only consensus-based series of IACS standards and a key component of the U.S. government's cybersecurity plan.

Organizations that invest in a cybersecurity culture that proactively identifies vulnerabilities and protects the plant's critical infrastructure, operational performance, and profitability are unlikely to be a cybersecurity disaster news headline. 

ISA offers standards-based industrial cybersecurity training, certificate programs, conformity assessment programs, and technical resources. Please visit the following ISA links for more information:

A version of this article also was published at InTech magazine

Bill Lydon
Bill Lydon
Lydon has been active in manufacturing automation for more than 25 years. He started his career as a designer of computer-based machine tool controls; in other positions, he applied programmable logic controllers and process control technology. In addition to experience at various large companies, he cofounded and was president of a venture-capital-funded industrial automation software company. Lydon believes the success factors in manufacturing are changing, making it imperative to apply automation as a strategic tool to compete.

Related Posts

Checking In With Mimo, ISA's Large Language Model Trained on ISA Content

Over the summer of 2024, the International Society of Automation (ISA) announced a large language model (...
Kara Phelps Nov 15, 2024 7:00:00 AM

Ask the Automation Pros: The Use of Artificial Intelligence in Process Control

The following discussion is part of an occasional series, "Ask the Automation Pros," authored by Greg McM...
Greg McMillan Nov 12, 2024 4:30:00 PM

Protecting Electrical Terminal Blocks From Tampering

Electrical terminal blocks are a common sight in the automation world. Usually mounted on DIN rail in ind...
Anna Goncharova Nov 8, 2024 10:30:00 AM