I've been researching and reporting on cybersecurity for more than a few years now, but it still makes me nervous—and I'm not even close to responsible for keeping a process application, network or facility free from cyber probes, intrusions or attacks. Heck, all I do is write about cyber threats, and it gives me the heebie jeebies, so I can scarcely imagine what it must be like for all the brave—but undoubtedly stressed—individuals actually responsible for the cybersecurity of their applications and companies.
Maybe you're one of them, or maybe you're one of their many colleagues, supervisors, contractors or clients, who want to help their organizations and affiliates be more secure by simply adopting and following better cybersecurity hygiene, procedures and practices.
Either way, fear not. Now more than ever, there's a lot of help available.
To begin with, one of the most useful methods of dealing with a relatively new and alien difficulties is to seek out older and more familiar challenges, and see if they offer any lessons about how to deal with the latest problems. In the case of new and looming cyber threats, the better-known challenge that can provide guidance is process safety, which progressed along a similar learning and adoption curve, but did it years earlier than cybersecurity.
As a result, all of the hazardous operations (HazOp) studies, risk assessments (RA) and layer of protection analyses (LOPA) used to improve process safety can also be useful in understanding and addressing cyber threats and their potential consequences. In short, thinking about the "severity and frequency" of safety problems can also be used to conduct an RA for cybersecurity.
Plus, as bad luck would have it, a reported increase in cyber intrusions and attacks are targeting process safety devices and systems lately. As a result, if they weren't already linked by common practices, cybersecurity and process safety are now inextricably tied together by their unified goals of keeping their people and processes safe and operating without interference.
Just as understanding safety helps users conceptualize security, there are numerous other useful techniques and tools for addressing cybersecurity challenges. The good news is that many are far easier to learn about and implement than they were even a year or two ago. Just like researching and reporting, I recommend two simple steps—immersion and paying attention. From this initial exposure, common themes will inevitably emerge, and participants can begin to see which tools can be most useful for them, their processes and their organizations.
Once of the best places to get this kind of immersion on cybersecurity, process safety and other topics is at the many user group meetings and other technical conferences that Control's editors cover each year. They're much easier than emailing and telephoning all the experts I can think of.
Luckily, just before Thanksgiving each year, Rockwell Automation stages its Automation Fair event, one most comprehensive technical conferences anywhere. This year's edition will be held on Nov. 14-15 in Philadelphia, Pa., and will feature more than 150 exhibits and more than 400 hours of educational opportunities.
As usual, the fair will be preceded on Nov. 12-13 in the same location by the Rockwell Automation Process Solutions User Group that highlights the latest process automation innovations.
On the cybersecurity and process safety front, Rockwell Automation concurs that, "Safety and security must be addressed together, as part of a comprehensive risk management program that includes operations and IT systems. We'll discuss practical ways to make this happen and new technologies that can help on the show floor at Automation Fair 2018.
Some of the application sessions scheduled include:
"Understanding recent changes in process safety standards" (TS19) will cover the 15 years since the first release of IEC 61511, Functional safety: safety instrumented systems (SIS) for the process industries; second-edition updates released in 2017 and adopted in North America in early 2018; what else has changed and why; and how Rockwell Automation can help.
"Greenfield DCS chemical project delivers successfully through collaborative execution" (CS010) will show how specialty chemical manufacturer Croda selected PlantPAx DCS for its greenfield ethylene oxide plant, and how system integrator Applied Control Engineering Inc. and Endress+Hauser, a Rockwell Automation Strategic Alliance Partner, were instrumental in delivering a complete solution that included PlantPAx, intelligent MCCs, AADvance SIS, alarm rationalization workshops, a modern control room and instrumentation integration.
"PPG minimizes risk and matches performance needs by implementing SIS" (CS04) will trace how the specialty materials producer evaluated different techniques to reduce risk at its facility. With the help of a Rockwell Automation delivery team, PPG decided to implement an AADvance SIS, which provided risk mitigation targeted at a reasonable cost, and also offered expandability should the plant need to scale up in the future.