Digital Transformation
No more silos: OT and IT team up to tackle cybersecurity
by Rick Gorskie
by Rick Gorskie
In today’s digital age, cybersecurity threats are pushing refineries to re-examine their cybersecurity strategies. Gone are the days when information technology (IT) and operational technology (OT) could function separately in protected silos. Now, the need to share resources and information is critical, especially when both are working with automation suppliers to better respond to today’s complex and costly cybersecurity landscape—a landscape that the Center for Strategic and International Studies and McAfee reports has cost the world almost $600 billion, or 0.8 percent of global GDP.
Begin by assessing current practices The assortment and complexity of threats have increased enough in just the past few years to invite a re-examination of how well the refining industry protects itself. And that starts by tasking the refinery’s IT and OT groups to first evaluate and assess its current cybersecurity practices and analyze any current defense measures already in place. Together, they must look at ways to better bridge gaps and work more closely together to devise strategies based on new technologies to update procedures. But refiners must also not forget about the power and value of expert consultation when devising new cybersecurity strategies, especially when an outside perspective can take an unbiased look at what’s working and what needs improvement.
By working with Emerson, a trusted automation supplier and expert well-versed in the network and system security requirements and levels outlined in the International Society of Automation’s (ISA) IEC 62443 series of cybersecurity standards, refiners can gain further insights to develop and maintain strong cybersecurity strategies, work processes, training, and ongoing support. And just as continuous monitoring of the refinery’s process variables is critical for its control and safety applications, so is ongoing cyber-defense monitoring and having counter measures in place to reduce the risk of a cybersecurity incident.
Develop and update your cybersecurity incident response plan
At a detailed operations and equipment level, refineries also stand to benefit from today’s more advanced distributed control systems, which now have many layers of protections based on the IEC 62443 family of standards for how control systems should be developed, deployed, and maintained to dramatically enhance the cybersecurity of these installed systems. It’s also critical to develop cybersecurity incident response plans so that plant personnel know what to do in the event of an issue.
No matter the technology already in place, the strategies at your disposal today, or the ways in which your IT and OT teams currently collaborate, the methods to strengthen your refinery’s cybersecurity approach are well-established and can improve your plant’s cyber-defense posture. Now’s the time to get ahead of the issue.