IEC - International Electrotechnical Commission

13/08/2024 | News release | Distributed by Public on 13/08/2024 20:22

Keeping cyber safe in industrial settings

Just as we were brushing off the dust from the recent CrowdStrike outage, in which millions of computers around the world were shut down by a corrupted cybersecurity software update, a cyber-attack on Microsoft caused a global outage of its products. But these are not just one-off events. The cost of cybercrime globally is estimated at USD 9.22 trillion and counting.

Yet despite cyberattacks making regular headlines, many organizations remain sitting ducks. According to research by cyber security firm Censys, over 430 digital systems controlling US infrastructure are vulnerable to cyberattacks. Censys reports that many of them have no passwords and that anyone can access them, even though they control systems like dams, water pumps and oil wells.

Industry remains a key target. In 2023, more than 25% of all cyber-attacks worldwide involved manufacturing companies. Ransomware was common across many subsectors, particularly when it came to metal and automotive production. In 2022, the global average cost per industrial data breach was around USD 4.73 million.

Addressing cyber security across an industrial organization is complex because too much security will strangle functionality and too little will let the hackers in. The balance lies across a number of factors, such as limiting financial risks while prioritizing health and safety.

Another challenge in operational technology (OT) settings such as manufacturing is that their industrial automation and control systems (IACS) are designed to facilitate ease of access from different networks. From a cybersecurity perspective, this creates added vulnerabilities.

International standards help. The IEC 62443 series is designed to keep operational technology (OT) systems running throughout their lifecycle by securing the IACS. It can be applied to any industrial environment, including critical infrastructure facilities, such as power utilities or nuclear plants, as well as in the health and transport sectors.

IEC 62443-2-1 provides requirements for a security programme for IACS asset owners. It describes the methodology for addressing cyber security risks in the design of an IACS, which helps to identify risks and therefore make informed decisions regarding the appropriate security requirements.

An IACS security programme is configured to meet specific functional needs, which makes it more robust and rigorous than an off-the-shelf product and reduces the risk of new threats being introduced. It also enables integration with the organization's processes and information security management system.

IEC 62443-2-1 has just been updated to ensure it keeps up with the latest market needs and industry trends.

IEC 62443-2-1 and all of the IEC 62443 series are developed by IEC technical committee TC 65, which develops standards for industrial-process measurement, control and automation.