Security standards to defend against cyber attack

Changing culture

In a recent report, Honeywell accentuates the importance that security culture is on a par with safety culture in order to protect against cyber attack.

Reported cyber attacks have grown by 600% since 2010, according to NSS Labs. In order to overcome this threat, Honeywell holds that users need to enforce a string security culture that reaches every level.

One of the basic areas of uncertainty is manufacturers not understanding what they need to protect. While safety is very specific in what needs protecting, security has vast areas to safeguard. Attackers today are not necessarily looking for destruction. In quite a few cases, they are working to steal a company’s intellectual property.

Required: standards

Industry and government absolutely mandate safety. Practitioners have to adopt safety under penalties or potential fines if they do not. In addition, in most cases standards are international, so in a global manufacturing environment manufacturers have to adhere to them. In theory, this means that solid safety practices should be the same in the US as they are in Europe, Asia, Australia, South America and Africa.

According to Honeywell, these types of standards for cyber security could help to drive awareness and implementation. There are a number of evolving standards such as the IEC 62441 (ISA99) and the WIB standard. The IEC 62443 (ISA99) series has been in development for over 10 years. Some parts are still a work in progress.

Furthermore, penalties for non-adherence to security standards are non-existent, nor are there rewards for following them.

An overall movement towards reporting requirements could be coming in the form of the Executive Order 13636 – Improving Critical Infrastructure Cybersecurity, signed by Obama in February 2013. The Order calls for the Government to develop a voluntary framework to reduce cyber risks, recognizing US national and economic security depends on the reliable functioning of critical infrastructure.

The future of security

Honeywell highlights that, other than the framework, legislation has failed in the past. The Executive Order was in fact in response to failed legislation. Government does have some options in regards to reinforcement of new measures, such as not renewing operating permits until companies meet requirements.

Some fear that a major incident is required, such as that at Union Carbide, in order to spark the culture change needed to facilitate a greater focus on security.

Adapted from a report by Emma McAleavey

Read the article online at: https://www.hydrocarbonengineering.com/gas-processing/22072014/safety-and-security-972/