The importance of cybersecurity has escalated in response to remote work brought on by the global pandemic. Increased connectivity requires organizations to digitally transform operations to support a more sustainable, safer and healthier future.
The recent intrusion at the City of Oldsmar water treatment system in Florida underscores the importance of having a strong cybersecurity posture. Periodic reviews of cyber programs and response plans are essential to ensuring that best practices are being implemented to help mitigate cyber events. Combining network monitoring, logging and event management technologies with well-trained staff who understand the risks of remote connections and how to implement them safely is the best defense against unauthorized system access.
Cybersecurity sessions for the power and water industries during the Emerson Global Users Exchange focused on security programs that use best practices and the latest technology.
Emerson’s recommended cybersecurity best practices are aligned with the NIST Cybersecurity framework and centered around four key areas tailored for the power generation and water treatment facilities.
- Identify – Establish a security baseline by identifying your current assets and how they are connected
- Protect – Implement safeguards for your assets including strategies for user management, system hardening, patch management, and antivirus and malware programs
- Detect – Identify cyber events using mechanisms such as security incident and event management, network monitoring and intrusion detection, configuration change management, and internal policy audits
- Respond and Recover – Develop an incident response plan that details actions for responding to and recovering from internal and/or external malicious and non-malicious threats and attacks
Matt Cosnek, Emerson’s manager of security solutions for the power and water industries, discussed the current status of cybersecurity, explaining that:
developing a security program focused on both compliance and security best practices is the best approach to ensuring systems are truly secure, organizations are compliance-ready and production reliability is maintained.
Matt was joined by a major North American utility’s lead cybersecurity analyst who described the challenges of using multiple, different security systems and why they invested in a standardized cybersecurity program across their fleet. Benefits of implementing the plan included consistent, efficient and reliable program management, patching, data flow between sites and incident recovery capability.
Emerson cybersecurity engineers Tom Kizer and Bryan Long, demonstrated Power and Water Cybersecurity Suite applications that:
- Support security automation and compliance
- Promote industry best practices
- Simplify security management
The conversation continued with Dave Foose, security program manager, leading a panel of Emerson experts. They focused on how power and water organizations can defend their industrial control system (ICS) processes today while proactively protecting them for tomorrow and beyond.
Cybersecurity is not a project or a product – it is a process that continually evolves. Power and water utilities must consider cybersecurity as part of their regular maintenance program and their overall system lifecycle care plan. To remain current, organizations should establish a plan for regular maintenance as well as a plan to upgrade their security-related products.
Cybersecurity is a journey where the nature of cyber attacks is constantly changing. Your plan and the technology used to identify and mitigate vulnerabilities needs to keep pace or better yet, be one step ahead of those changes to maintain operations and keep resources focused.
Visit the Power and Water Cybersecurity Suite page on Emerson.com to learn more about our comprehensive suite of cybersecurity software, products and services that help power and water industry users protect their industrial control systems without disrupting the process.