Industry Collaboration is Essential to Secure Our IncreasinglyConnected World

ByMichael Regelski, Senior Vice Presidentand Chief Technology Officer,Electrical Sector - Eaton

Our world continues to become more connected and electrified. In the next five years, analysts like IDC expect 41.6 billion connected devices will generate 79.4 zettabytes of data that will need to be maintained and processed. At the same time, our world is becoming more electrified with the digitalization of building and transportation systems steadily increasing.

A single vulnerability or firmware weakness can cripple an organization. Even if you isolate your systems, they can still be compromised as recently spotlighted by TLStorm vulnerabilities, which can allow attackers to take control and destroy intelligent backup power devices.

Here’s the bottom line—our increasingly connected and electrified world needs trusted environments. Yet, a system is only as secure as its weakest link. Supporting secure connectivity is the most important first step in our industry’s ongoing marathon to harness the full potential of the IIoT.  With 95 percent of CIOs expecting cybersecurity threats to increase and impact their organizations, the need for partnerships across industries and communities to innovate and build safer and more secure technologies is essential.

Device manufacturers have a critical responsibility to ensure all product development follows a proactive and consistent enterprise-wide approach to cybersecurity. Only by adopting a secure by design methodologycan we provide customers with confidence that their connected solutions meet rigorous standards to operate securely worldwide. To achieve this, cybersecurity risks should be managed through a Secure Development Lifecycle with protocols in place for threat modeling, requirements analysis, implementation, verification, and ongoing maintenance to manage risk.Additionally, companies should take inventory of everything connected to their networks and employ a zero-trust model.

The bottom line is that cybersecurity is a must-have for product development, much like safety and quality. This means strict procedures and cybersecurity protocols need to be integrated at every phase of product development that involves people, processes and technologies.

Cybersecurity must also be integrated into organizational maintenance strategies. As electrical systems and industrial control equipment become more connected, a robust cybersecurity program requires coordination between operational technology (OT) and information technology (IT) teams.

Unifying global cybersecurity standards for connected products

As more manufacturers and industries build and deploy IIoT devices, the security and safety of systems providing essential operations become more important and more difficult to manage. These complexities are due, in part, to a lack of a global, universally accepted cybersecurity standard and conformance assessment scheme designed to validate connected products.The idea is to make sure all the components within a power system meet the same high cybersecurity standards.  

The economic challenges to safeguarding IIoT ecosystems spawn from the complex manufacturing supply chain and the difficulty of assigning clear liabilities to manufacturers and system integrators for any vulnerabilities introduced. Most products and systems assemblies consist of components from different suppliers. Where should the element of trust begin and end if there is no global conformity assessment scheme to ensure that products and systems are designed to be compliant with the global standards defined by the industry?

There are currently a multitude of different standards and regulations created by various organizations, countries and regional alliances across the globe. All of these standards and regulations address the urgent need to secure our connected world, however they also create the potential for confusion and possibility of weak links in critical infrastructure ecosystems.

The electrical industry needs a singular path to follow when it comes to designing and developing connected solutions.  Having product development processes certified by a third-party gives customers confidence that their solutions are compliant with the highest-cybersecurity requirements before they ever leave the factory floor.

“The bottom line is that cybersecurity is a must-have for product development, much like safety and quality. This means strict procedures and cybersecurity protocols need to be integrated at every phase of product development that involves people, processes and technologies.”

This isn’t a journey we want to embark on alone. Electrical infrastructure is an ecosystem that is often built upon a foundation of equipment from many different manufacturers. Customers need confidence that each company is delivering technologies that are compliant with industry standards.

Establishing global standards for cybersecurity is a collective effort. For example, we’re working with renowned standards leaders like UL, the International Electrotechnical Commission (IEC) and the International Society of Automation (ISA) Global Cybersecurity Alliance to drive a global conformance assessment standard to cybersecurity within our industry. We’ve also partnered with universities and research institutions to strengthen cybersecurity education and train the next generation of engineers to develop new security strategies for connected products.

The inherent challenge of managing cybersecurity risk is a continuous journey with constantly evolving complexities, threat scenarios and technologies.

This is why we also became a member of the Cybersecurity Tech Accord, an international industry-led working group of more than 145 technology and security companies that promote a safer online world by fostering collaboration and committing to protect their customers against security threats.

As a member of the Tech Accord, we plan to share our industry insights and cybersecurity best practices while continuing to innovate how we can reduce risk for our customers. The Cybersecurity Tech Accord’s focused effort to protect and empower people to improve security fundamentally aligns with our approach to cybersecurity.

Global effort targets secure online environments

Cybersecurity is a critical capability for supporting our hyper-connected and digital future. Today, cyberattacks are more frequent, sophisticated and autonomous than ever before. At Eaton, we have enterprise-wide capabilities. Our people, tools, processes and platforms are a differentiator. And we’re continuing to actively work with leading global organizations to advance cybersecure environments.

Recently, we expanded our partner ecosystem for cybersecurity to include Tenable. Together, we are helping customers determine potential vulnerabilities to mitigate cybersecurity threats in converged IT/OT environments.

Ransomware attacks haveunderlinedthe global importanceof cybersecurity and the role of government, industry and community in building a peaceful and stable online world. Through collaboration with industry leaders, we’re supporting this effort while demonstrating our commitment to strengthening cybersecurity and sharing the best practices we’ve developed on how to act securely and safely online.

Weekly Brief

Read Also

Navigating the Changing Cybersecurity Landscape

Navigating the Changing Cybersecurity Landscape

Mark Leary, VP & CISO, Regeneron Pharmaceuticals
Open Sources, Open Doors or How to Innovate in a Competitive Cloud Market

Open Sources, Open Doors or How to Innovate in a Competitive Cloud...

Garrick Stavrovich, the Lead Product Manager for Nasdaq’s Global Information Services
How AI will play a crucial role in the defense against cyber attacks

How AI will play a crucial role in the defense against cyber attacks

Scott Southall, Regional Head of Innovation, Asia Pacific, Citi
Building NextGen Enterprise Risk Management Capabilities

Building NextGen Enterprise Risk Management Capabilities

Chee Kong Wong, EY Oceania and EY Asia-Pacific Governance Risk and Compliance (GRC) Technology Leader
Implementing IAM to Boost Growth

Implementing IAM to Boost Growth

Tamsyn Weston, Head of IT Solution Development, EUROPEAN TYRE ENTERPRISE LIMITED