Why Cybersecurity Must be Part of Your Safety Plan

Safety Rockwell

May 5, 2020

By Steve Ludwig

The dangers that cyber threats pose to intellectual property, customer records and productivity are well known, but less discussed are the safety implications of these threats. A cyberattack on your industrial control system (ICS) can damage physical assets, alter recipes, injure workers or cause severe environmental damage.

If you’re on a digital transformation journey — whether it’s a managed process or slow evolution — managing the inherent safety and security risks should be an integral part of the process.

A properly designed security approach will improve information collection, analysis and delivery. It will minimize security-related interruptions and frustrations. And it will help protect your enterprise.

Know your risks

Today, both security and safety standards already recognize the link between safety and security risks.

Cybersecurity standard ISA/IEC 62443-1-1 mentions that security breaches can have consequences beyond compromised information. The standard states: “The potential loss of life or production, environmental damage, regulatory violation and compromise to operational safety are far more serious consequences. These may have ramifications beyond the targeted organization; they may grievously damage the infrastructure of the host region or nation.”

Functional safety standard IEC 61508-1 specifies that hazards associated with equipment and control systems must be determined under all reasonably foreseeable circumstances. The standard says: “This shall include all relevant human factor issues and shall give particular attention to abnormal or infrequent modes of operation of the EUC. If the hazard analysis identifies that malevolent or unauthorized action, constituting a security threat, as being reasonably foreseeable, then a security threats analysis should be carried out.”

Security, like safety, approaches issues based on managing risk, leveraging continuous assessment and baselining to ensure you are managing to a risk threshold. Your level of acceptable risk will vary by industry and potential outcomes.

Considering that most cybersecurity attacks are based on the attacker simply finding a vulnerable target — rather than being specifically targeted due to industry or prominence — a cybersecurity attack is a foreseeable circumstance in virtually every industry. Assessing your cybersecurity risks, determining your level of acceptable risk and mitigating identified risks to an acceptable level are now the basic “reasonable” steps to help protect people from foreseeable misuse and malevolent or unauthorized actions.

As with safety, ignoring cybersecurity and associated risks is the mistaken belief that “if I don’t know about the risk, I can’t be held accountable.” That’s not an acceptable posture, ethically or for compliance purposes, especially when lives are on the line.

Address risks together

Some have used the risks that connected technologies can introduce as an argument against modernization. But, it’s important to recognize that doing nothing is not a solution. Maintaining legacy systems too long not only deprives you of valuable insights and other IIoT benefits, but these systems also often lack the security measures of contemporary systems making them more vulnerable rather than less.

The better approach is to make the most of digital transformation, while helping protect safety and security as part of the process. As you do this, keep some key things in mind.

For example, many security practices have long been used in the IT world, but they’re new to the OT world. And, while many of the mitigation steps are similar in comparison, they’re applied very differently in the front office than on the plant floor.

In a manufacturing environment, cybersecurity and safety risks should both be part of risk management and part of the management of change (MOC) process. And EHS professionals should be involved in managing processes and compliance with standards and laws.

It’s a new age in industry. The advantages of Industry 4.0 certainly outweigh the increased risks. And by understanding the risks and mitigating them as part of your digital initiatives, you can expand what’s possible in your operations while helping protect what matters most to you.

Learn more about industrial security.

Steve Ludwig is Commercial Programs Manager, Safety, Rockwell Automation. Rockwell Automation is a founding member of the ISA Global Cybersecurity Alliance and has received multiple ISA/IEC 62443 certifications.

Related Articles


Latest Articles

  • Guide to the Canadian Electrical Code, Part 1[i], 26th Edition – A Road Map: Section 28 – Motors and Generators

    Guide to the Canadian Electrical Code, Part 1[i], 26th Edition – A Road Map: Section 28 – Motors and Generators

    Rule 28-000 – Scope states that Section 28is a supplementary or amendatory section of the code and provides additional and specific requirements for the installation, wiring methods, conductors, protection, and control of all motors and generators. Read More…

  • Statement by ECAO Executive Director, Graeme Aitken on Tariffs

    Statement by ECAO Executive Director, Graeme Aitken on Tariffs

    February 7, 2025 ECAO posted the following statement from Executive Director, Graeme Aitken on their website regarding potential U.S. Tariffs: For almost 80 years, the Electrical Contractors’ Association of Ontario (ECAO) has served and represented the interests of Ontario’s industry-leading, unionized electrical contractors. Over those many decades, ECAO has stepped up during times of challenge… Read More…

  • Rigid PVC Conduit vs. ENT in High-Rise and Multi-Use Applications

    Rigid PVC Conduit vs. ENT in High-Rise and Multi-Use Applications

    February 7, 2025 By Phil Crangi Choosing the right high-rise construction conduit can significantly impact project efficiency and costs. While rigid PVC (Polyvinyl Chloride) conduit may have a lower upfront cost, ENT (Electrical Nonmetallic Tubing) offers more significant advantages due to its long-term labor savings and installation efficiency. ENT and fittings form an integrated system… Read More…

  • EFC Tariff Response: Advocating for Free Trade

    EFC Tariff Response: Advocating for Free Trade

    February 7, 2025 STATEMENT FROM CAROL MCGLOGAN, PRESIDENT & CEO, ELECTRO-FEDERATION CANADA ON U.S. TARIFFS Electro-Federation Canada (EFC), representing Canada’s electrical and automation industry, strongly opposes the recent tariffs announced (an subsequently delayed) by President Trump on Canadian imports. These tariffs threaten to disrupt North American supply chains, increase costs for businesses and consumers, and… Read More…


Changing Scene