Cybersecurity Guidebook for the Power and Water Industries
A practical guide to what you should start, stop, and continue doing to protect your assets from cybersecurity threats
Take the Next Steps with Your Cybersecurity Program
Over the past decades, industrial control system manufacturers and suppliers have accomplished incredible technological advancements in the products and services our industries provide. Process control operations comprise critical pieces of the global economy and infrastructure, like generating the energy needed to power our world and providing safe drinking water for our communities. As the demands of our industries have become more sophisticated, so has the complexity of operations–necessitating that legacy self-contained control systems are now connected to business networks and therefore, however indirectly, to the internet.
By leveraging the connectivity of the broader business network, manufacturers have revolutionized interconnected processes, but also encountered new risks to the safety, profitability and reliability of plant operations. Cybersecurity needs to be in every operational conversation not just today, but every day going forward.
An important factor in implementing a cybersecurity program is effective change management. Emerson’s cybersecurity leaders have compiled this brief guide based on the Start-Stop-Continue change management model to help you lead organizational change and take immediate steps to make your operations more secure. Every organization is at a different point in the cybersecurity journey. While not all points will reflect where you are in your journey, take this guide as a reminder to continue that evolution to a cybersecurity-aware organization.
Hackers aren’t standing still—attacks are becoming more sophisticated. Our systems and operational practices must evolve to stay ahead of the potential threats and malware. Let’s start taking the right steps today to ensure the security and thereby the reliability of our power and water industry control systems and plant operations.
Effective cybersecurity programs are critical for a resilient energy future as the expanding digital nature of the global energy landscape creates a larger attack surface and heightens the risk of cyber threatEmerson Supports the Adoption of IEC 62443 Family of Cybersecurity Standards
The IEC 62443 is a family of standards that defines requirements for how a distributed control system (DCS) should be developed, deployed, and maintained to dramatically enhance the cybersecurity of the installed system. Cybersecurity is as important in today’s climate as safety. And, in many ways, this standard is similar to what is currently required for Safety Instrumented Systems for safety certification.
Following the requirements defined in the IEC 62443 standards, Emerson has trained its developers of Ovation™ automation platform to create new secure products. We continue to harden the individual components of the automation system and have created system-wide capabilities, both internally and with partners, to better secure the automation system as a whole.
In addition to protection that is integral with the system, it is imperative the end user has an active role to ensure security best practices are enforced in the distributed control system deployment at their site. This can be accomplished through, among other things, work processes, behaviors, lifecycle management and training. The combination of all the above will result in a state-of-the-art cybersecure installation.
Adopt a Risk-Based Approach to Cybersecurity
Organizations regularly evaluate the risks to their business and operations. Cybersecurity is an organizational risk that affects strategic, compliance, operational, financial and reputational risks. A risk-based approach to cybersecurity is not to protect against all threats to your control system, but to identify potential vulnerabilities and make a strategic decision based on the likelihood and impact of each vulnerability.
As wind farms age, so does their automation systems, making them more vulnerable to cyberattacks. One way to mitigate potential attacks is to align security programs with industry best practices in four key areas—Identify, Protect, Detect and Respond/Recover.
The Time for Cybersecurity is Now.
Cybersecurity threats are more prevalent than ever. Has your organization taken the necessary steps to ensure it is protected from the next malware or ransomware attack? Emerson has a comprehensive portfolio of cybersecurity solutions and strategies aimed at helping you assess and reduce your risk level. Begin building the foundation for a cybersecure future today.
Enhance your cybersecurity posture by downloading our comprehensive Cybersecurity Guidebook for the Power and Water Industries.
Emerson