Emerson’s Rick Gorskie has been sharing a series of Cybersecurity Moments. Although they are specific to the DeltaV distributed control system, much of the guidance is beneficial no matter what control or data acquisition system you might have. I’ll recap a few items from his recent posts in the Emerson Exchange 365 community here.
In a post, Cybersecurity Protection Starts at The Front Gate!, Rick opens highlighting the critical importance of the human element in cybersecurity:
No matter who you are or what your job title is, YOU are an integral part of the cybersecurity protection at your site. The very moment that you pass through the front gate, your cyber-related actions could possibly lead to the compromise of your site’s cyber-protection strategy. Human error is responsible for some of the worst data breaches on record and, because of a lack of cybersecurity awareness, organizations are risking their reputation, customer trust, and potentially their bottom lines when employees mishandle data.
Education of the plant staff in the collection of cybersecurity policies and procedures is critical. Some of these elements to highlight and continually reinforce include spear-phishing or phishing, indiscreet use of USB sticks, computer lock screens, unauthorized software downloads, and strong passwords (see Rick’s earlier post, DeltaV Secure Passwords: The Do’s and Don’ts). A security-minded culture must be built as a safety culture has been built, in the vast majority of manufacturing facilities.
In another post, New DeltaV Cybersecurity Course, he describes this training.
Based on the principles and guidelines of the DeltaV Security Manual, this course will prepare all students for implementing and maintaining cybersecurity solutions for their DeltaV control system. The audience for this school should be DeltaV System Administrators or IT-personnel responsible for implementing DeltaV security products. Additionally, this course will be valuable to those who frequently work with customers and their cybersecurity products and services.
Training topics addressed include:
- Endpoint Security for DeltaV Systems
- Application Whitelisting for DeltaV Systems
- SIEM for DeltaV Systems
- Network Security Monitor for DeltaV Systems
- Automated Patch Management Service
- Emerson Smart Firewall
- DeltaV Firewalls
- Backup & Recovery