When Waiting for Rules Risks Everything

by , | Nov 11, 2025 | Control & Safety Systems, Cybersecurity | 0 comments

We all know cybersecurity is critical to safe and successful operation of our businesses. Moreover, most of us know that we could be doing more when it comes to cybersecurity. After all, we see new cyberattacks in the news almost every day, sometimes happening to companies we recognize, other times to organizations with names that are unfamiliar. Either way, it sends a critical message: nobody is safe from cyber threats anymore.

Yet all too often, as Emerson’s Alexandre Peixoto shares in his recent article in Hydrocarbon Engineering, companies wait for regulatory requirements before improving their cybersecurity posture. It only makes sense. Cybersecurity is a lot of work, so why make the effort before you have to? But Alexandre argues for another way:

“Regulation is a poor catalyst for cybersecurity. Many organizations forget that the possibility of a fine is the smallest possible risk they face from an ineffective cybersecurity posture. In truth, most of the pressures manufacturers face, such as productivity and shareholder value, are very much at risk when an attack happens. As evidenced by recent, high-profile attacks, today’s cyber-attacks can easily impact digital systems, or even an entire enterprise for days or even weeks, resulting in revenue and reputation loss, and risks to the safety of personnel and local communities in the worst case.”

Proactive cybersecurity improvement as part of a continuous cybersecurity journey, he explains, is a much better strategy. And, he argues, anyone can do it. To illustrate, he breaks down some key cybersecurity improvement tips that take small effort but deliver big results.

Find a starting point

Everyone starts their cybersecurity journey from a different place. However, what they all have in common is that they need to know what that starting point is. For teams that have almost no cybersecurity technology deployed, starting with a single critical asset might be a good jumping-off point.

“For example, does the plant have a critical asset that is guaranteed to shut down production and/or cause a safety issue if operated with malicious intent? If the answer is yes, securing that asset is an area where even a small team can focus their efforts. First, the team can identify if that asset has any exposure to the outside world. If so, that exposure needs to be mitigated. But even if it has no external exposure, it should still be protected against internal tampering as well.”

Other teams might be further along, with strong defense-in-depth already in place. For those groups, working closely with Emerson to identify more advanced tools that will work with their automation software can help shore up defenses even more.

Grab the low-hanging fruit

Not all cybersecurity solutions are expensive, intrusive, and complex. Many simple solutions deliver significantly increased security and can be evaluated and deployed by an organization’s own staff.

“For example, many OT teams can create a significant improvement in their organization’s cybersecurity posture simply by checking user accounts and their privileges. Creating individual user accounts and assigning them privileges based on their unique roles is a low-cost solution that can typically be performed by the administrator of the site, and it will have a massive positive impact on the plant’s overall cybersecurity footprint.”

Flashy, expensive new cybersecurity software and appliances are exciting, but they are no guarantee of cybersecure operation. Starting with easy wins is a powerful strategy.

Work with a partner

One of the challenges of tackling cybersecurity in OT is that teams cannot afford any interruption of real-time, mission-critical systems like the distributed control system (DCS). Fortunately, Emerson not only builds systems like the DeltaV™ DCS to be secure by design, but also carefully evaluates top-tier cybersecurity solutions for their compatibility with automation systems.

“Any automation system should also come with guidance for securely setting up workstations, and the system itself. Moreover, effective automation solution providers will offer clear guidance on how to harden their systems—the dos and don’ts—as well as how to set up and maintain user accounts securely. Ultimately, the OT team should not need an engineering team to perform custom configuration every time they need to add an automation solution, but they should instead have fast and easy access to practical documentation guiding them through secure configuration.”

Working closely with an automation solution provider can dramatically reduce the complexity and time spent on implementing cybersecurity software and appliances.

The best time for a cybersecurity project? Today!

While it is essential to update cybersecurity software and policies to meet regulatory requirements, there is no penalty for staying ahead of the curve. In fact, because every step an organization takes makes them less of a target, continuous improvement is the best way to keep your personnel, operations, and reputation safe. Alexandre offers even more strategies to navigate the cybersecurity journey in his full article over at Hydrocarbon Engineering, so check it out to add even more support to your cybersecurity toolbox.

Comments

Author

  • Emerson's Todd Walden
    Public Relations, Advertising & Social Media Consultant

Featured Expert

Follow Us

We invite you to follow us on Facebook, LinkedIn, Twitter and YouTube to stay up to date on the latest news, events and innovations that will help you face and solve your toughest challenges.

Do you want to reuse or translate content?

Just post a link to the entry and send us a quick note so we can share your work. Thank you very much.

Our Global Community

Emerson Exchange 365

The opinions expressed here are the personal opinions of the authors. Content published here is not read or approved by Emerson before it is posted and does not necessarily represent the views and opinions of Emerson.

Privacy Policy | Cookie Policy | Data Protection Statement

PHP Code Snippets Powered By : XYZScripts.com