It has become obvious that the need for strong cybersecurity is not going to go away. Operational technology (OT) assets have increasingly become targets of both large-scale and small-scale attacks, often with devastating effects. OT teams need to be vigilant to ensure their assets do not become the next headline.
However, OT teams often struggle with cybersecurity. Not only is cybersecurity implementation complex, it’s also ever-changing. Couple that with the fact that today, many OT teams run incredibly lean, and it’s not unusual to find plants with neither the time nor the expertise to implement and maintain the security protocols they need.
Fortunately, as Alexandre Peixoto shares with Control magazine in a recent interview, expert automation technology providers employ deep benches of cybersecurity personnel for just this purpose. These experts identify, test, and maintain the best solutions for the suite of products, helping OT teams keep their focus on operations, not on security.
Standard-driven design
So what does this mean for OT teams looking to maintain peak performance while still monitoring and defending against security threats? It means that teams should expect their automation solution providers to deliver products built from the ground up to meet the strictest cybersecurity standards. For example, Emerson’s DeltaV™ distributed control system (DCS) has a long history of cybersecurity-by-design. In fact, DeltaV version 14
“was the first DCS to achieve ISASecure’s System Security Assurance (SSA) certification. Based on the IEC 62443-3-3 standard, this certification ensures that a control system can be deployed following stringent cybersecurity requirements specified in the standards. It also covers the secure development lifecycle to obtain system-level certification, which in this case was covered by the IEC 62443-4-1 standard. Emerson is also certified for development processes under ISASecure’s Secure Development Lifecycle Assurance (SDLA) program.”
Putting plans into action
Building secure systems isn’t enough. Teams also need to be sure those systems are working properly when installed and keep working across the lifecycle. This, Peixoto explains, is another place where automation solutions providers can help. An automation supplier with deep cybersecurity industry expertise can help OT teams right-size their cybersecurity solutions via cybersecurity assessments. Cybersecurity experts carefully examine a plant’s OT technologies and help the team identify the best steps to start or continue their cybersecurity journey. Armed with this critical information, OT teams can feel more confident in their cybersecurity roadmap as they implement, test, manage, and maintain it across the lifecycle.
Moreover, automation suppliers’ cybersecurity experts should be able to help teams regularly test their solutions and develop incident response procedures that can be tested as well.
“Response plans can also help users decide what threats to consider in the first place and how to study them. It can show how to perform a 2 x 2 prioritization exercise to determine what issues and scenarios are most relevant for each user, as well as what tests would be most applicable and useful. Similar to the severity and frequency analysis used for process safety, prioritization also balances likelihoods versus impacts, and lets users and suppliers discuss cybersecurity issues thoroughly.”
It is never too early or too late to ensure your plant has adequate cybersecurity solutions in place. Whether you have the resources to do so in house or need to seek outside support, start by ensuring your automation solutions are designed from the ground up to support your cybersecurity journey. Doing so not only helps ensure that you always have the best protection available, but will also help you maintain that protection across the lifecycle of your equipment.