Why Cybersecurity Must be Part of Your Safety Plan

Safety Rockwell

May 5, 2020

By Steve Ludwig

The dangers that cyber threats pose to intellectual property, customer records and productivity are well known, but less discussed are the safety implications of these threats. A cyberattack on your industrial control system (ICS) can damage physical assets, alter recipes, injure workers or cause severe environmental damage.

If you’re on a digital transformation journey — whether it’s a managed process or slow evolution — managing the inherent safety and security risks should be an integral part of the process.

A properly designed security approach will improve information collection, analysis and delivery. It will minimize security-related interruptions and frustrations. And it will help protect your enterprise.

Know your risks

Today, both security and safety standards already recognize the link between safety and security risks.

Cybersecurity standard ISA/IEC 62443-1-1 mentions that security breaches can have consequences beyond compromised information. The standard states: “The potential loss of life or production, environmental damage, regulatory violation and compromise to operational safety are far more serious consequences. These may have ramifications beyond the targeted organization; they may grievously damage the infrastructure of the host region or nation.”

Functional safety standard IEC 61508-1 specifies that hazards associated with equipment and control systems must be determined under all reasonably foreseeable circumstances. The standard says: “This shall include all relevant human factor issues and shall give particular attention to abnormal or infrequent modes of operation of the EUC. If the hazard analysis identifies that malevolent or unauthorized action, constituting a security threat, as being reasonably foreseeable, then a security threats analysis should be carried out.”

Security, like safety, approaches issues based on managing risk, leveraging continuous assessment and baselining to ensure you are managing to a risk threshold. Your level of acceptable risk will vary by industry and potential outcomes.

Considering that most cybersecurity attacks are based on the attacker simply finding a vulnerable target — rather than being specifically targeted due to industry or prominence — a cybersecurity attack is a foreseeable circumstance in virtually every industry. Assessing your cybersecurity risks, determining your level of acceptable risk and mitigating identified risks to an acceptable level are now the basic “reasonable” steps to help protect people from foreseeable misuse and malevolent or unauthorized actions.

As with safety, ignoring cybersecurity and associated risks is the mistaken belief that “if I don’t know about the risk, I can’t be held accountable.” That’s not an acceptable posture, ethically or for compliance purposes, especially when lives are on the line.

Address risks together

Some have used the risks that connected technologies can introduce as an argument against modernization. But, it’s important to recognize that doing nothing is not a solution. Maintaining legacy systems too long not only deprives you of valuable insights and other IIoT benefits, but these systems also often lack the security measures of contemporary systems making them more vulnerable rather than less.

The better approach is to make the most of digital transformation, while helping protect safety and security as part of the process. As you do this, keep some key things in mind.

For example, many security practices have long been used in the IT world, but they’re new to the OT world. And, while many of the mitigation steps are similar in comparison, they’re applied very differently in the front office than on the plant floor.

In a manufacturing environment, cybersecurity and safety risks should both be part of risk management and part of the management of change (MOC) process. And EHS professionals should be involved in managing processes and compliance with standards and laws.

It’s a new age in industry. The advantages of Industry 4.0 certainly outweigh the increased risks. And by understanding the risks and mitigating them as part of your digital initiatives, you can expand what’s possible in your operations while helping protect what matters most to you.

Learn more about industrial security.

Steve Ludwig is Commercial Programs Manager, Safety, Rockwell Automation. Rockwell Automation is a founding member of the ISA Global Cybersecurity Alliance and has received multiple ISA/IEC 62443 certifications.

Related Articles


Latest Articles


Changing Scene

  • Save the Date: Ontario Apprenticeship Summit 2026 – November 4, 2026

    Save the Date: Ontario Apprenticeship Summit 2026 – November 4, 2026

    July 6, 2026 Skilled Trades Ontario (STO) is pleased to announce that the third annual Ontario Apprenticeship Summit will take place during National Skilled Trades and Technology Week. Industry partners, skilled trades professionals, and apprentices are invited to attend the Toronto Congress Centre on Wednesday, November 4, 2026. The Ontario Apprenticeship Summit 2026 is focused… Read More…

  • Fort McMurray Apprentice Electrician to Represent Canada at Skilled Canada National Competition

    Fort McMurray Apprentice Electrician to Represent Canada at Skilled Canada National Competition

    July 6, 2026 In recognition of World Youth Skills Day, which underscores the vital role of skills development among young people, Skills/Compétences Canada (SCC) is proud to officially announce the 31 talented members of WorldSkills Team Canada 2026.These young competitors will begin their training to prepare for the 48th WorldSkills Competition, in Shanghai, China, which will be held… Read More…

  • Westburne Celebrates 100 Years with Brandon Trade Show

    Westburne Celebrates 100 Years with Brandon Trade Show

    July 6, 2026 Recently, Westburne hosted over 200 guests and over 60 partners and suppliers at their Brandon Trade Show to celebrate 100 years of Westburne. “Westburne’s annual Midwest Tradeshow welcomed more than 220 attendees in Brandon this year, including representatives from over 60 partner businesses and suppliers. Taking place annually for over 15 years,… Read More…

  • B.C. Expands Energy Efficiency Program to Provide No-Cost Retrofits to Homeowners, Tenants

    B.C. Expands Energy Efficiency Program to Provide No-Cost Retrofits to Homeowners, Tenants

    July 3, 2026 Together with BC Hydro, FortisBC and Natural Resources Canada, the Province is supporting families with lower incomes to save money on their utility costs through home-energy improvements.  “We are taking action to help people lower their utility bills by expanding our home energy-efficiency programming for lower-income families,” said Adrian Dix, B.C.’s Minister… Read More…