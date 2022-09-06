
Cyber Security is one of the fastest evolving concerns for the world when it comes to protecting technology and people.
By David Allen, Cyber Security Lead, ABB Energy Industries UK
06/09/2022, 7:00 am
Cyber Security

The threats posed by cyber attackers are becoming significantly more sophisticated with new and inventive ways of implementing and delivering attacks.

In the last two years alone, 90% of industrial plants and industrial assets experienced at least one damaging attack on their OT (Operational Technology) systems.

However, cyber security cannot be solved with a one-hit solution, such as a capex project that delivers a result once complete. In truth, it is never complete. Successful organisations will build cyber resilience as an integral part of their strategy and will recognise that it is a continuous journey as threats evolve.

The smartest investments will be made once a company understands what assets it has to protect and has understood its vulnerabilities; spending without this knowledge is like shooting in the dark.

The days of our systems being able to function at their full potential in a completely air-gapped environment are over.

Significant advancements in digital technologies, and the requirement to maintain our systems so that they perform efficiently, inevitably mean there must be a “connection” of some kind. Whether it is via a dedicated physical connection, or an engineer connecting a device, a link is made, exposing a potential vulnerability.

Focusing on security and protection is now more essential than ever, and new detailed plans need to be established to ensure systems are not only maintained but equally protected.

The energy and utilities sector has been highly targeted in recent times, as it has established itself as critical to national infrastructure and security.

Much like the common saying “A chain is only as strong as its weakest link”, there is a need to assess the ‘digital transformation chain’ and to ensure that cyber security is considered in each link.

This starts with making sure we truly understand our systems.

Without knowing how our system is constructed and interconnected, it becomes impossible for us to ensure that suitable levels of protection are implemented throughout the system and at the appropriate levels.

Often when talking to asset engineers about their processes and equipment, old infrequently used equipment is re-discovered, along with comments such as “I’d forgotten about that device”.

These ‘forgotten’ devices are often an increased source of risk and sometimes can be key elements in securing the system.

Of course, while undertaking a system architecture review, major areas of risk may come to light allowing for quick targeted actions to be undertaken prior to a cyber security risk assessment.

Understanding the system under consideration is an essential first step in the cyber journey regardless of the cyber security standard followed.

Another essential part that needs to be considered is identifying and understanding the risks posed to the systems. It is important to consider both internal threats and external threats, as often we don’t take a moment to stop and ask who is targeting a system and why they may be doing it. From recent world events, it is not hard to see that systems on industrial assets are prized targets.

Armed with a good understanding of the systems and the types of risks posed to them, a risk assessment would be the most logical next step.

A cyber security risk assessment allows you to clearly determine the areas of risk along with focused actionable recommendations.

It also allows you to understand in detail exactly where the vulnerable areas are, enabling better prioritisation of budgets.

At ABB, we often suggest considering this four-part strategy when starting your cyber journey: ‘Identify’ your areas of concern so you can understand the risks; ‘Measure’ the identified risks and how they can be reduced or managed; ‘Prioritise’ the areas of biggest risk so that the implemented solutions provide the best protection and value; and finally, ‘Mitigate’ the identified risks by implementing new controls or procedures to improve the organisation’s security posture.

Strong, successful cyber security resilience requires a collaborative approach. Companies are made up of not just systems, but most importantly people and the processes that support them.

Cyber security requires a unified effort, with a variety of personnel, from site engineers and system vendors to wider company IT teams, bringing in their expertise and unique perspectives.

