It is no longer possible to ensure the “safety” of production, operators and industrial equipment without Security. You’ll have heard this often, especially during the last year. But what does it mean?
Let’s start by clarifying the two terms, Safety and Security, which are often used almost interchangeably in common parlance.
It is important to understand that there is a subtle but very important difference between the two.
When we talk about ensuring safety, we are referring to a set of measures taken to protect property and people from diseases, accidents, or disasters related to the environment.
Security, on the other hand, involves taking preventative measures against spontaneous or deliberate actions that are intended to harm. A notable example is a cyberattack, the unavoidable result of a security breach.
In the industrial field, there are many rules and regulations in relation to safety. They require companies, places open to the public, administrative buildings and any sites where there is a potential risk to workers and users to take certain preventative actions.
However, unlike Safety, Security is not standardized.
The real problem is that within the context of OT – i.e. the operational technology used to control industrial devices, the prevailing ideology has not kept pace with digitalization, which has developed systems without also developing adequate security measures.
The perception of cyber threats is not yet as clearly defined in the Operational field as it is in IT: i.e. in technology infrastructure.
You may be wondering what the real risks are in the event of a cyberattack. We’ll tell you now.
In the OT context, a cyberattack can have devastating consequences. Firstly, it will cause the system to stop or malfunction, but then it will also have serious repercussions for those who work on these systems.
Apart from the risks to employees or public health, and the potential harm to the environment, there are also certain specific cases. For example, if a pharmaceutical company was subject to attack, this could cause changes to the active ingredients in its products. If this “wrong” medication was then released on the market, it could have a negative impact on public health.
A company can suffer serious damage to its image and loss of trust due to negative publicity, with widespread awareness that the business was not sufficiently well prepared to counteract the attack, or at least resolve its cyber security problem in a timely fashion. Would you trust a company that didn’t have secure systems? Would you trust them with your data, or would you buy their products?
Last but not least, there is the problem of the theft of sensitive information in relation to product quality or intellectual property rights.
Until quite recently, OT was offline, the hardware tended to be proprietary and the technology ran on systems that are now outdated.
The digital evolution of OT technologies has led to the paradigm of Smart Manufacturing and Industry 4.0. These technologies are basically used to keep production connected with ERP systems, and a constant flow of data makes it possible to carry out predictive maintenance, among other things; but at the same time, the OT devices used are exposed to new risks relating to cyber security.
We therefore often find that today’s factories are using cutting-edge technologies that are not properly configured, and so vulnerable to possible cyberattacks.
A renewed focus on technology is therefore crucial to help prevent any possible impact that this could have on product safety. But that’s not all.
OT Cyber Security is also slowly entering the scope of the New Machinery Regulation, and indeed assuming growing importance, to the extent that industrial cybersecurity may soon become a mandatory requirement.
An obligation to assess the risks of cyberattack is therefore close to becoming a reality, in order to ensure that equipment is safe for end users by preventing incidents caused by deliberate actions, which are proving a increasingly challenging for many industrial sectors.
OT Cyber Security: finally some mandatory requirements? Find out more below.
As we can see from recent updates on the European Community website, content related to the New Machinery Regulation is also focusing on the risks due to malicious actions that affect security and have an impact on the safety and reliability of machines.
Read the article:
The control systems need to be designed and constructed in such a way as to prevent the occurrence of risky situations; which therefore also covers intentional and unintentional external attacks, including deliberate attempts by third parties to create a dangerous situation.
A complete update to the New Machinery Regulation is still in progress, in the meantime consult the European Community’s official documentation.
We have seen the way the digital world was going for many years, understanding well in advance that it would not only involve the infrastructure but also the world of Operations. We are pleased we have managed to help many companies achieve the very objectives outlined in the New Machinery Regulation:
- to cover the new risks linked to new technologies
- with this in view, to continue to ensure people’s safety
- and also ensure the free movement of products, including digital products.
The next aim will be to see cybersecurity become a mandatory and essential requirement. Until then, if you want to ensure an advantage over your competitors, to highlight your company’s values and guarantee total security in your business, we are here to help you.
Would you like a chance to discuss our solutions, and the ways we could support you in adapting to the joint demands of Safety and Security?
Do you want to help our page grow? Follow us on Linkedin
Go back to the blog
