A Digital Transformation strategy needs your employees to focus on both value outcome (new tools for them to use) as well as an ongoing dedication to Cyber Security.  This is a contributed article on the subject, by Emerson’s Peter Zornio and Cyber Security expert Robert Lee.   

Digital Transformation: A One-Two Punch to Empower Employees and Protect Data

Story also published on IIoT World 

As the COVID-19 pandemic continues to impact business and the economy worldwide, companies in every industry are using a critical eye to prioritize their operations amidst shrinking budgets and a catalog of unknowns. This includes exploring automation technologies that can protect and even future-proof essential operations in an environment of fewer people, social distancing and more remote operations.

Companies may be tempted to shuffle cybersecurity enhancements to the back burner in this current landscape, assuming their status quo is sufficient until calmer times. This is a dangerous mistake, as the pandemic has brought with it a secondary epidemic: increased malware and ransom attacks in manufacturing. The Dragos’ 2019 Year In Review (YIR ) Report noted that 66% of Incident Response (IR) cases involved adversaries directly accessing the Industrial Control System network from the Internet.

Dragos Cyber Security Report

The need to quickly pivot and protect data in remote settings has no doubt been a contributing factor, as employees quickly moved from data-secure offices to homes powered by their own Wi-Fi networks far from company servers. But this uptick in cyber incidents is also exposing a fundamental problem: Companies across the globe have long been under-investing in cybersecurity. As organizations consider what coronavirus-forced changes to maintain even after the “new normal,” it’s past time for cybersecurity to move from just good enough to its rightful place as an essential component of doing business – no matter the industry.

Even in difficult times, digital transformation programs are a vital investment – and for many companies, the COVID-19 pandemic has accelerated the adoption of advanced automation technologies to support the work of employees. Essential industries like power, life sciences, food and beverage and energy have been challenged to continue meeting critical needs while balancing the importance of keeping employees safe and effectively distanced. Digital transformation can help fill this gap.

Using automation technologies such as sensors and control systems to monitor real-time conditions in a plant can help reduce the number of employees who need to gather in one space while providing invaluable data about the health of equipment and operations. The latest integrated technologies can be securely accessed by experts anywhere, enabling remote collaboration to ensure no disruption in operations that can’t spare unplanned downtime.

When assessing new automation technologies to optimize operations, cybersecurity protocols must be part of an organization’s evaluation. An effective digital transformation program uses technology to protect both people and essential industries without compromising security. In fact, many forms of leading digital transformation technologies have integrated cybersecurity capabilities that guard data and operations while empowering employees in their roles.

Organizations that are wary of new initiatives in the current landscape can start small and still see measurable successes in enhanced reliability, more efficiency and optimized operations. The most successful digital transformation programs can be scaled effectively, enabling companies to replicate their successes over multiple pieces of equipment and locations.

Technology is key, but companies that sustain high levels of cybersecurity know that success is as much about the people and the culture as it is the technology. A universal understanding of the importance of cybersecurity and following best practices must be embedded in the culture and behavior of employees at an organization. In addition, organizations must be diligent to ensure any vendors or partners share their rigorous standards of cybersecurity. With so many options, it’s easy to be swayed by the latest shiny software without consideration of the full scale of security needs.

In an era when the phrase “unprecedented times” begins to wear out its welcome, it’s natural for organizations to reflexively focus on minimizing the changes they can. But the benefits of digital transformation – even starting small – can help organizations see sustainable, significant improvements to protect employees and security now and in the future.

To hear more about Enabling a Secure Digital Transformation with your ICS, listen to Peter and Robert speak on this topic by watching this webinar.

Peter Zornio is chief technology officer for Emerson’s Automation Solutions business. Robert M. Lee is CEO of Dragos.

 About the Authors

Peter Zornio is chief technology officer (CTO) for Emerson Automation Solutions and has been with Emerson for 12 years. As CTO, Zornio has responsibility for overall coordination of technology programs, product and portfolio direction, and industry standards across the Automation Solutions group. This includes Emerson’s digitization and Industrial Internet of Things (IoT) developments, such as the Plantweb™ digital ecosystem.

Robert M. Lee is a recognized pioneer in the industrial security incident response and threat intelligence community. He gained his start in security as a U.S. Air Force Cyber Warfare Operations Officer tasked to the National Security Agency where he built a first-of-its-kind mission identifying and analyzing national threats to industrial infrastructure. He went on to build the industrial community’s first dedicated monitoring and incident response class at the SANS Institute (ICS515) and the industry recognized cyber threat intelligence course (FOR578).