Cybersecurity Worst Practices: The Good-the Bad-the Ugly

by | Jul 31, 2018 | Control & Safety Systems, Cybersecurity

Jim Cahill

Chief Blogger, Editor

Emerson's David Foose


At the 2018 Ovation Users’ Group Conference, Emerson’s David Foose shared examples of bad practices in securing control systems.

Dave opened describing how the focus on control system security over the past decade has changed from bothersome to imperative.

The five stages of cyber grief include denial, frustration, bargaining, burn out and finally acceptance. Burn out is the phase where a person or small team is trying to do it all, before acceptance that they need help from their suppliers to develop and implement a sustainable approach.

A worst practice is not to know everything that is physically connected to the network. Walk around and physically check everything that is plugged into the network. A $30 Raspberry Pi and cellular modem can be a point of attack into the system.

Another worst practice is hiding the issues you may have from your auditors or security consultants. The issues don’t go away by hiding them.

Balkanizing your information security by country can pose problems for global companies. If you have to buy US security solutions for US sites, Chinese security solutions for sites in China, etc. will cause a mishmash that raises security risks.

Generic security compliance that is not fit for the intended application is just wasting money. It’s important to understand the requirements and what fits it best. Also, there may be no incremental benefit for overspending on cyber security. Again, understanding the risk and the solution that will address that risk.

Another worst practice is not properly monitoring. There may be monitoring equipment, but if there are no work practices to pay attention and address the data, it’s of no value.

All the security technology in the world is great but if they are bypassed by work practices, they are of no benefit.

Dave closed with best practices—physical & technical inventory of your system, integrate solutions that fit your environment, invest in your people, and have an ongoing plan.

Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe for Updates

Follow Us

We invite you to follow us on Facebook, LinkedIn, Twitter and YouTube to keep up to date on all the latest news, events and innovations to help you take on and solve your toughest challenges.

Want to re-purpose, reuse or translate content?

Please do, Just link back to the post and send us a quick note so we can share your work. Thanks!

Our Global Community

Emerson Exchange 365

The opinions expressed here are the personal opinions of the authors. Content published here is not read or approved by Emerson before it is posted and does not necessarily represent the views and opinions of Emerson.