Efficient Plant January 2018 - 21

feature | operational strategies
with security in mind. They note, however, that
increased awareness in the importance of and
threats to BMS/BAS systems is finally boosting
interest in protecting them from cyber incidents.
Adoption of industrial cybersecurity frameworks will increase. Though most industrial
cybersecurity frameworks aren't mandatory,
Gandelsman and Lenchner described a significant
uptick in organizations looking to implement
them during 2017. They expect this trend to continue in 2018. While cybersecurity compliance is
an important goal, they wrote that it's even more
imperative to implement measures that provide
much-needed visibility into industrial network
activity to detect incidents and conduct the right
incident response. Such frameworks include:
 NIST Cybersecurity Framework: The National Institute of Standards and Technology,
(nist.gov, Gaithersburg, MD) published the first
version of the Cybersecurity Framework (CSF)
for operators of critical infrastructure in 2014.
In 2017, NIST released an update titled "Framework for Improving Critical Infrastructure Cybersecurity Version 1.1." that incorporates feedback and comments from the agency's Dec. 2015
Request for Information. NIST also published
the "manufacturing profile" of the cybersecurity framework, which enhances (but does not
replace) current cyber-security standards and
industry guidelines. It can be used as a roadmap
for reducing manufacturer cybersecurity risk.
 NERC CIP: The North American Electric
Reliability Corp. (nerc.com, Atlanta) introduces Critical Infrastructure Protection (CIP)
standards to ensure reliability of the nation's
Bulk Electric System (BES). The current version
of NERC CIP includes 11 critical infrastructure-protection cybersecurity standards that
specify a minimum set of controls and processes
power-generation and -transmission companies
should follow to ensure the reliability and security of North America's power grid. Deploying
traditional IT security controls, such as firewalls
and antivirus software, is not sufficient for CIP
compliance. To meet NERC's CIP standards,
electric-utility owners and operators must also

JANUARY 2018

have complete visibility into all ICS assets and
network activities.
 Pharmaceuticals Manufacturing Guidelines: The current good manufacturing practice
(cGMP) regulations for validating pharmaceutical manufacturing require drug products to
be produced with a high degree of assurance
that they meet all attributes they are intended to
possess. The U.S. Food and Drug Administration (fda.gov, Washington) issued guidance that
requires manufacturers to maintain processes
in a state of control over their entire lifecycle, even as materials, equipment, production
environment, personnel, and manufacturing
procedures change.
Secure and encrypted industrial protocols
will be introduced. In 2018, Gandelsman and
Lenchner expect industrial technology vendors
will introduce devices that support encryption
and other embedded security controls. Although
this is a positive trend and a crucial step toward
making industrial control systems and critical
infrastructure more secure than in the past, they
predict it will take decades before all legacy technologies are replaced. Even then, they believe no
single product, technology, or methodology can
fully secure ICS environments.
The solution? A defense-in-depth approach,
they wrote, one that addresses internal and external security threats, is what's needed. As they put
it, this begins with consolidated OT-network-activity monitoring and integrity validation for
critical devices such as industrial controllers.

BOTTOM LINE
Cyberthreats are everywhere. And they're not
going away.
The bottom line, according to Gandelsman
and Lencher, is clear: Referencing past, current,
and future industrial realities, they conclude
that significant increases in ICS network threats
demonstrate the need for organizations to take
cybersecurity far more seriously in the coming
year. That is, if those organizations really want
to reduce the risk of successful cyberattacks on
critical infrastructure. EP

Organizations
must take
cybersecurity
far more
seriously than
in the past.

+
To read the full
two-part series on
which this article
is based, as well
as download
various resources
associated with
the discussion,
go to blog.indegy.
com.

EFFICIENTPLANTMAG.COM |

21


http://www.fda.gov http://www.nist.gov http://www.nerc.com http://blog.indegy.com http://www.EFFICIENTPLANTMAG.COM

Table of Contents for the Digital Edition of Efficient Plant January 2018

Efficient Plant January 2018 - 1
Efficient Plant January 2018 - Cover1
Efficient Plant January 2018 - GF1
Efficient Plant January 2018 - GF2
Efficient Plant January 2018 - Cover2
Efficient Plant January 2018 - 1
Efficient Plant January 2018 - 2
Efficient Plant January 2018 - 3
Efficient Plant January 2018 - 4
Efficient Plant January 2018 - 5
Efficient Plant January 2018 - 6
Efficient Plant January 2018 - 7
Efficient Plant January 2018 - 8
Efficient Plant January 2018 - 9
Efficient Plant January 2018 - 10
Efficient Plant January 2018 - 11
Efficient Plant January 2018 - 12
Efficient Plant January 2018 - 13
Efficient Plant January 2018 - 14
Efficient Plant January 2018 - 15
Efficient Plant January 2018 - 16
Efficient Plant January 2018 - 17
Efficient Plant January 2018 - 18
Efficient Plant January 2018 - 19
Efficient Plant January 2018 - 20
Efficient Plant January 2018 - 21
Efficient Plant January 2018 - 22
Efficient Plant January 2018 - 23
Efficient Plant January 2018 - 24
Efficient Plant January 2018 - 25
Efficient Plant January 2018 - 26
Efficient Plant January 2018 - 27
Efficient Plant January 2018 - 28
Efficient Plant January 2018 - 29
Efficient Plant January 2018 - 30
Efficient Plant January 2018 - 31
Efficient Plant January 2018 - 32
Efficient Plant January 2018 - 33
Efficient Plant January 2018 - 34
Efficient Plant January 2018 - 35
Efficient Plant January 2018 - 36
Efficient Plant January 2018 - 37
Efficient Plant January 2018 - 38
Efficient Plant January 2018 - 39
Efficient Plant January 2018 - 40
Efficient Plant January 2018 - 41
Efficient Plant January 2018 - 42
Efficient Plant January 2018 - 43
Efficient Plant January 2018 - 44
Efficient Plant January 2018 - 45
Efficient Plant January 2018 - 46
Efficient Plant January 2018 - 47
Efficient Plant January 2018 - 48
Efficient Plant January 2018 - Cover3
Efficient Plant January 2018 - Cover4
https://www.nxtbook.com/atp/MaintenanceTechnology/epjulyaug2020
https://www.nxtbook.com/atp/MaintenanceTechnology/epjune2020
https://www.nxtbook.com/atp/MaintenanceTechnology/epmay2020
https://www.nxtbook.com/atp/MaintenanceTechnology/epapril2020
https://www.nxtbook.com/atp/MaintenanceTechnology/epmarch2020
https://www.nxtbook.com/atp/MaintenanceTechnology/epfeb2020
https://www.nxtbook.com/atp/MaintenanceTechnology/epjan2019
https://www.nxtbook.com/atp/MaintenanceTechnology/epnovdec2019
https://www.nxtbook.com/atp/MaintenanceTechnology/epseptoct2019
https://www.nxtbook.com/atp/MaintenanceTechnology/epmay2019
https://www.nxtbook.com/atp/MaintenanceTechnology/epapril2019
https://www.nxtbook.com/atp/MaintenanceTechnology/epmarch2019
https://www.nxtbook.com/atp/MaintenanceTechnology/epfebruary2019
https://www.nxtbook.com/atp/MaintenanceTechnology/epjanuary2019
https://www.nxtbook.com/atp/MaintenanceTechnology/epdecember2018
https://www.nxtbook.com/atp/MaintenanceTechnology/epnovember2018
https://www.nxtbook.com/atp/MaintenanceTechnology/epoctober2018
https://www.nxtbook.com/atp/MaintenanceTechnology/epseptember2019
https://www.nxtbook.com/atp/MaintenanceTechnology/epaugust2018
https://www.nxtbook.com/atp/MaintenanceTechnology/0818schneider
https://www.nxtbook.com/atp/MaintenanceTechnology/epjuly2018
https://www.nxtbook.com/atp/MaintenanceTechnology/epjune2018
https://www.nxtbook.com/atp/MaintenanceTechnology/epmay2018
https://www.nxtbook.com/atp/MaintenanceTechnology/epapril2018
https://www.nxtbook.com/atp/MaintenanceTechnology/epmarch2018
https://www.nxtbook.com/atp/MaintenanceTechnology/epfebruary2018
https://www.nxtbook.com/atp/MaintenanceTechnology/epjanuary2018
https://www.nxtbook.com/atp/MaintenanceTechnology/epdecember2017
https://www.nxtbook.com/atp/MaintenanceTechnology/epnovember2017
https://www.nxtbook.com/atp/MaintenanceTechnology/epoctober2017
https://www.nxtbook.com/atp/MaintenanceTechnology/mtsept2017
https://www.nxtbook.com/atp/MaintenanceTechnology/mtaugust2017
https://www.nxtbook.com/atp/MaintenanceTechnology/mtjuly2017
https://www.nxtbook.com/atp/MaintenanceTechnology/mtjune2017
https://www.nxtbook.com/atp/MaintenanceTechnology/mtmay2017
https://www.nxtbook.com/atp/MaintenanceTechnology/mtapril2017
https://www.nxtbook.com/atp/MaintenanceTechnology/mtmarch2017
https://www.nxtbook.com/atp/MaintenanceTechnology/mtfebruary2017
https://www.nxtbook.com/atp/MaintenanceTechnology/mtjanuary2017
https://www.nxtbook.com/atp/MaintenanceTechnology/mtdecember2016
https://www.nxtbook.com/atp/MaintenanceTechnology/mtnovember2016
https://www.nxtbook.com/atp/MaintenanceTechnology/mtoctober2016
https://www.nxtbook.com/atp/MaintenanceTechnology/mtseptember2016
https://www.nxtbook.com/atp/MaintenanceTechnology/mtaugust2016
https://www.nxtbook.com/atp/MaintenanceTechnology/mtjuly2016
https://www.nxtbook.com/atp/MaintenanceTechnology/mtjune2016
https://www.nxtbook.com/atp/MaintenanceTechnology/mtmay2016
https://www.nxtbook.com/atp/MaintenanceTechnology/mtapril2016
https://www.nxtbook.com/atp/MaintenanceTechnology/mtmarch2016
https://www.nxtbook.com/atp/MaintenanceTechnology/mtfebruary2016
https://www.nxtbook.com/atp/MaintenanceTechnology/mtjanuary2016
https://www.nxtbook.com/atp/MaintenanceTechnology/mtdecember2015
https://www.nxtbook.com/atp/MaintenanceTechnology/mtnovember2015
https://www.nxtbook.com/atp/MaintenanceTechnology/mtoctober2015
https://www.nxtbook.com/atp/MaintenanceTechnology/mtseptember2015
https://www.nxtbook.com/atp/MaintenanceTechnology/MTAugust2015
https://www.nxtbook.com/atp/MaintenanceTechnology/MTJuly2015
https://www.nxtbook.com/atp/MaintenanceTechnology/MTJune2015
https://www.nxtbook.com/atp/MaintenanceTechnology/M
https://www.nxtbook.com/atp/MaintenanceTechnology/0415endress
https://www.nxtbook.com/atp/MaintenanceTechnology/MTApril2015
https://www.nxtbook.com/atp/MaintenanceTechnology/MTMarch2015
https://www.nxtbook.com/atp/MaintenanceTechnology/MTFebruary2015
https://www.nxtbook.com/atp/MaintenanceTechnology/MTJanuary2015
https://www.nxtbook.com/atp/MaintenanceTechnology/MTDecember2014
https://www.nxtbook.com/atp/MaintenanceTechnology/MTNovember2014
https://www.nxtbook.com/atp/MaintenanceTechnology/MTOctober2014
https://www.nxtbook.com/atp/MaintenanceTechnology/MTSeptember2014
https://www.nxtbook.com/atp/MaintenanceTechnology/MTAugust2014
https://www.nxtbook.com/atp/MaintenanceTechnology/MTJuly2014
https://www.nxtbookmedia.com