Industrial organisations are operating in ways they scarcely could have imagined a few decades ago. They are converging historically separate information technology (IT) and operations technology (OT) systems, and using mobile, analytics and cloud to increase connectivity and information sharing. This is significantly improving operations but also creating more potential entrance points for security threats.
To address this, Rockwell Automation has developed a three-step approach for building an industrial security program that extends from the enterprise to the plant level, and helps mitigate risk across people, processes and technology. The three steps include:
- Security assessment: Conduct a facility-wide assessment to understand risk areas and potential threats
- Defence-in-depth security: Deploy a multilayered security approach that establishes multiple tiers of defence
- Trusted vendors: Verify that your automation vendors follow core security principles when designing their products
Lee Lane, chief product security officer, Rockwell Automation says: “We think of industrial security as a layered model and seek to create a unified infrastructure for customers. Our approach takes into account the connections between network security, as well as the physical security and safety in industrial areas.”
For industrial organisations, security threats will continue to evolve. To keep pace, a holistic security program should evolve with and stay ahead of the changing threat landscape. Following the three-step approach will help organisations establish a program that can help protect intellectual property, facilities, assets, employees and competitive advantages into the future.