Five steps to better industrial security – Part Two
Richard Mayr, COPA-DATA
Reinhard Mayr, the product manager of COPA-DATA continues his discussion of the five vital steps any manufacturer can take to improve the security of connected automated systems.
3.Provide additional security for sensitive information
When implementing security measures, it’s important for the user to decide what information is considered sensitive to the company. In an ideal world, everything would be encrypted, but cost and transmission issues will usually impede this. A solution would be to identify the areas with a higher risk of a potential security breach and use your findings to design your counteractions.
While the standard features of zenon make networks secure to external threats, potential threats from inside the facility still need to be considered. Although it’s something that most companies don’t like to think about, these situations are increasingly common. The easiest way to stop internal threats is to give only one or two users access to a security system’s project data. This way, security features can’t be shut down by unauthorised personnel and companies can rest assured their system is secure.
4.Keep your policy updated
When setting up your initial security policy, commitment from CEOs and management is extremely important as the most challenging step is ensuring that the entire workforce has a common mindset. If there are breaches in one area of the company, protection measures elsewhere can become obsolete.
Your security policy should include a regular risk assessment, carried out at least once every twelve months. This allows you to identify potential breaches and assess how vulnerable your system is to attacks. There needs to be a spread of knowledge within the company on the growing importance of cyber protection, so ensure that staff regularly engage with the policy. Staff members need to know that cyber attacks aren’t limited to standard office computers.
Security is an issue throughout the increasingly connected production line and everyone needs to be familiar with the company cyber security policy.
5.Train the team
When new industrial automation software is implemented, the provider should ensure standard training on all of its features, from operating the user administration platform, to identifying encryption requirements. COPA-DATA runs dedicated workshops with customers to help establish provisions based on the features that zenon offers.
The current problem with internal security training is that the majority of industries aren’t aware of the risks. They may have heard of the term cyber security, but still associate it with office environments. The energy sector shows the most awareness because of recent smart grid breaches. However, in many other sectors that use industrial automation, there’s a low level of knowledge, which correlates to organisations’ levels of commitment to improving their cyber security.
Over the past few years, the amount of security breaches has been rapidly increasing. To counteract this, companies should be prepared to increase their focus on the topic and employ the help of Chief Information Security Officers or external specialists. If your staff are aware of the consequences of a security breach, they may be more willing to make changes to current procedures.
Not all internal security breaches happen intentionally, and it’s likely that your employees don’t consider them as they go about their day-to-day activities. Following these five simple steps can give you peace of mind, a workforce that is engaged and on board with security policies and a secure automated system.