The New Security Norm in OT

Rockwell Automation

September 25, 2018

By Steve Ludwig, Rockwell Automation

The growing use of widely available technologies in industrial control systems (ICS) and the growth of more connected, information-enabled enterprises inherently increases security risks, and with it the responsibilities of control system providers and users alike.

Historically, industrial control systems used proprietary technologies, and were generally segregated from the information systems at most companies. The systems were largely incompatible and the commercial technologies that were used in office spaces simply didn’t fit the requirements of control systems.

As commercial technologies advanced in recent decades, they were adapted for use in control systems, improving costs, compatibility, and ease of use. With these improvements, connectivity between systems became simpler and increasingly demanded by users.

Bringing together enterprise-level IT and plant-level operations technology into a common infrastructure creates more opportunities to improve operations, but without proper cybersecurity hygiene may also provide increased opportunities for cyber-attacks against ICS equipment.

Such attacks, if successful, can have severe impact on worker, environmental and product safety, intellectual property, reputation and productivity.

These challenges are changing the way ICS providers and users work together, bringing increased responsibilities to each.

ICS providers have an increased responsibility to understand, detect, and remediate security vulnerabilities and to disclose them through patch and version management to users. While much of this is “old hat” to information technology (IT) professionals — receiving regular announcements of vulnerabilities and patches to remediate them — it’s new to ICS engineers.

A comprehensive cybersecurity strategy includes cybersecurity hygiene — asset inventory to understand what you have, controlling physical and digital access, segmentation, system configuration and other actions. It also includes adoption of NIST CSF to identify, protect, detect, respond and recover from cyber-attacks.

It also requires that ICS providers, like Rockwell Automation, constantly test products and review applications to identify and remediate vulnerabilities in products. Disclosing remediated vulnerabilities through patch and version management helps protect ICS users from cyber-attacks.

It is part of an ethical, comprehensive cybersecurity strategy to help verify our customers’ security and safety. While not actually new, the increased focus on security in recent years, and the more frequent disclosures may seem surprising to some.

To others that have worked closely with IT, it will seem natural and expected. To all, it should be welcomed as a clear focus on supporting the safety and security of industrial control systems.

For more information on security, please check out the following resources:

If Assistance is Needed

Rockwell Automation and our partners provide scalable, tiered level assistance services based on the stage of the user in the cybersecurity risk management implementation. Use the following list of resources when your customer is requiring assistance:

Rockwell Automation Remote Support Services

Technical assistance in finding product downloads applying them to products.

https://rockwellautomation.custhelp.com/ to find the local support options.

Product Security Office

Non-critical support and general information about the security vulnerabilities and mitigations offered. No customer-specific advice can be offered; secure@ra.rockwell.com

Network & Security Services

Consultants for strategic and tactical industrial security services, such as security assessments and program development, asset inventory services, patch management, threat detection services; Network & Security Services Home

For more information https://www.rockwellautomation.com/en_NA/overview.page?

Related Articles



Editor’s Pick: Featured Article

Weidmüller’s u-control 2000: The Automation Controller

Weidmüller’s u-control 2000: The Automation Controller

Weidmüller’s scalable engineering software, u-control 2000, adapts individually to your requirements. And, the u-control is powerful, compact and fully compatible with Weidmüller’s I/O system u-remote. This article looks at what makes u-control the heart of your automation.

Programmable logic controllers (PLCs) are one of the main components of any automated system. A typical control system has inputs, outputs, controllers (i.e., PLCs), and some type of human interaction with the system, a human machine interface (HMI), for example.

Read More



Latest Articles

  • Helping McMaster University Adapt its Buildings for the Future

    Helping McMaster University Adapt its Buildings for the Future

    February 22, 2024 McMaster University is using technology to better control and manage its legacy thermal systems and create smarter buildings McMaster University is using technology to better control and manage its legacy thermal systems and create smarter buildings. Carmichael Engineering Ltd., a Canadian systems integrator, worked closely with ABB Canada’s leading experts and its highly… Read More…

  • Grid Transparency Behind-the-Meter Is Key Challenge for Power Utilities, Study Reveals

    February 20, 2024 Siemens has released key insights into how electric utilities in the United States and Canada are managing the rapid adoption of behind the meter distributed energy resources (DERs) in its new report “Seeing behind the meter: How electric utilities are adapting to the surge in distributed energy resources.”  Data from the study… Read More…