Why Cybersecurity Must be Part of Your Safety Plan

Safety Rockwell

May 5, 2020

By Steve Ludwig

The dangers that cyber threats pose to intellectual property, customer records and productivity are well known, but less discussed are the safety implications of these threats. A cyberattack on your industrial control system (ICS) can damage physical assets, alter recipes, injure workers or cause severe environmental damage.

If you’re on a digital transformation journey — whether it’s a managed process or slow evolution — managing the inherent safety and security risks should be an integral part of the process.

A properly designed security approach will improve information collection, analysis and delivery. It will minimize security-related interruptions and frustrations. And it will help protect your enterprise.

Know your risks

Today, both security and safety standards already recognize the link between safety and security risks.

Cybersecurity standard ISA/IEC 62443-1-1 mentions that security breaches can have consequences beyond compromised information. The standard states: “The potential loss of life or production, environmental damage, regulatory violation and compromise to operational safety are far more serious consequences. These may have ramifications beyond the targeted organization; they may grievously damage the infrastructure of the host region or nation.”

Functional safety standard IEC 61508-1 specifies that hazards associated with equipment and control systems must be determined under all reasonably foreseeable circumstances. The standard says: “This shall include all relevant human factor issues and shall give particular attention to abnormal or infrequent modes of operation of the EUC. If the hazard analysis identifies that malevolent or unauthorized action, constituting a security threat, as being reasonably foreseeable, then a security threats analysis should be carried out.”

Security, like safety, approaches issues based on managing risk, leveraging continuous assessment and baselining to ensure you are managing to a risk threshold. Your level of acceptable risk will vary by industry and potential outcomes.

Considering that most cybersecurity attacks are based on the attacker simply finding a vulnerable target — rather than being specifically targeted due to industry or prominence — a cybersecurity attack is a foreseeable circumstance in virtually every industry. Assessing your cybersecurity risks, determining your level of acceptable risk and mitigating identified risks to an acceptable level are now the basic “reasonable” steps to help protect people from foreseeable misuse and malevolent or unauthorized actions.

As with safety, ignoring cybersecurity and associated risks is the mistaken belief that “if I don’t know about the risk, I can’t be held accountable.” That’s not an acceptable posture, ethically or for compliance purposes, especially when lives are on the line.

Address risks together

Some have used the risks that connected technologies can introduce as an argument against modernization. But, it’s important to recognize that doing nothing is not a solution. Maintaining legacy systems too long not only deprives you of valuable insights and other IIoT benefits, but these systems also often lack the security measures of contemporary systems making them more vulnerable rather than less.

The better approach is to make the most of digital transformation, while helping protect safety and security as part of the process. As you do this, keep some key things in mind.

For example, many security practices have long been used in the IT world, but they’re new to the OT world. And, while many of the mitigation steps are similar in comparison, they’re applied very differently in the front office than on the plant floor.

In a manufacturing environment, cybersecurity and safety risks should both be part of risk management and part of the management of change (MOC) process. And EHS professionals should be involved in managing processes and compliance with standards and laws.

It’s a new age in industry. The advantages of Industry 4.0 certainly outweigh the increased risks. And by understanding the risks and mitigating them as part of your digital initiatives, you can expand what’s possible in your operations while helping protect what matters most to you.

Learn more about industrial security.

Steve Ludwig is Commercial Programs Manager, Safety, Rockwell Automation. Rockwell Automation is a founding member of the ISA Global Cybersecurity Alliance and has received multiple ISA/IEC 62443 certifications.

Related Articles


Latest Articles


Changing Scene

  • Skills Ontario Supports Ontario’s Investments in Skilled Trades in Budget Announcement

    Skills Ontario Supports Ontario’s Investments in Skilled Trades in Budget Announcement

    March 28. 2024 As demand for skilled trades professionals rises, Skills Ontario is commending the government for continued investments in skilled trades and technology programing, working to address the shortfall and need to build the workforce of the future in Ontario.  The skilled trades shortage is costing Ontario approximately $25 billion in foregone GDP. A… Read More…

  • IVRY Launches 7 New VR Lessons

    IVRY Launches 7 New VR Lessons

     IVRY Technologies, a division of IDEAL Electrical, is launching seven new virtual reality (VR) lessons in Canada as part of its Virtual Electrical Training (VET) Series 2 training module. The cutting-edge training will serve as a learning resource for International Brotherhood of Electrical Workers (IBEW) training centers across Canada. Read More…

  • PEI Budget 2024 Signals Continued Focus on Healthcare, Housing and Affordability for all Islanders 

    PEI Budget 2024 Signals Continued Focus on Healthcare, Housing and Affordability for all Islanders 

    March 28, 2024 Hon. Jill Burridge, Minister of Finance, presented government’s 2024-25 operating budget to the legislative assembly, outlining $3.2 billion in investments for Prince Edward Island with a continued focus on healthcare, housing and affordability measures. “This budget signals where we’re headed as a province and shows Islanders where we will be making key… Read More…

  • BC’s Budget 2024 Prioritizes Actions for Low-Carbon Economy

    BC’s Budget 2024 Prioritizes Actions for Low-Carbon Economy

    March 28, 2024 Josie Osborne, Minister of Energy, Mines and Low Carbon Innovation, and Brittny Anderson, MLA for Nelson-Creston, met with community climate leaders in Nelson to discuss how Budget 2024 can help support people in the region to transition to a low-carbon economy and meet shared CleanBC goals. “Our government’s budget this year reflects the… Read More…