“Engineering Out” Cyber Risk
Process control engineers and system integrators keep a plant running and keep it safe. Lately, with the advent of Industrial IoT, digitalization, and Industry 4.0, they are increasingly called upon to keep it secure from cyber attacks as well.
Engineers are uniquely equipped for the job, according to researchers at the USA’s Idaho National Laboratory (INL) and National Renewable Energy Laboratory (NREL). With this understanding they have introduced principles of Cyber-Informed Engineering (CIE) in a recently released document: the Cyber-Informed Engineering Implementation Guide.
An Engineering Approach
“CIE is an engineering approach that integrates cybersecurity considerations into the conception, design, build, and operation of any physical system that has digital connectivity, sensors, monitoring, or control,” says the guide. “This approach offers new opportunities to ‘engineer out’ cyber risk—that is, to use early design decisions and engineering controls to reduce, mitigate, and even eliminate the consequences of a cyber attack.”
Rather than calling in a cybersecurity team after the fact to harden the security of completed systems, the guide says that control engineers and system integrators must consider the real risks of intelligent, malicious intruders disrupting their systems at every step of a project—from concept and design to development, operation, maintenance, and even eventual replacement. An engineering approach considers not only digital monitoring, but the physical system itself—the devices, equipment, and physical controls.
Software and Services
Of course, the physical approach must combine with secure-by-design software and services, such as those Skkynet provides, to optimize protection and minimize risk. Network and data security are particularly relevant in these times when production data is in such demand for analysis, AI, and third-party interests. In the guide, for example, Principle 3, Secure Information Architecture, recommends Next Generation Firewalls (NGFW) and DMZs to segment networks, while Principle 5, Layered Defense, covers topics like diversity, redundancy, and system hardening to defend and degrade the system in a controlled way during a cyber incident.
Skkynet’s Cogent DataHub software, running on-premise or as a service in the cloud, has been addressing these needs for years. Its unique tunnel/mirror technology, combined with the ability to bring multiple industrial protocols into a single, unified namespace, provides a secure platform for redundant connections through closed firewall ports and across DMZs. Using this tool, Skkynet account managers and technical staff reach out to educate, guide, and support system integrators and plant engineers through the process of designing and building secure data communications between operations technology (OT) and IT or cloud applications.
We believe Cyber-Informed Engineering is a valuable approach towards keeping industrial processes secure. Today, more than ever, each system integration project, from concept and design to development, operation, and maintenance—from the device in the field to the report on a manager’s desk—depends on sound cybersecurity principles. Skkynet’s secure-by-design software and services provide the flexibility and value required for full integration with physical systems to “engineer out” cyber risk.