roadside warning light

Safety and Cybersecurity are two sides of the same coin

In light of the recent global crisis, one thing floated to my mind – safety and cybersecurity. Often, even today, many vertical practitioners in industrial safety and cybersecurity still silo themselves, rather than cross-pollinate technologies and strategies to make these practice areas converge. But, increasingly, the need for a convereged safety and cybersecurity ecosystem is ever closer, and pressing.

In the happiest year in recent years, the year 2019 (before the global endemic ravaged everywhere), ARC analyst Larry O’Brien penned a piece on their website, talking about safety and cybersecurity. It was succinct and thought-provoking, especially if one is either a cybersecurity practitioner, or an industrial safety one. One of the keywords was “risk”.

What is risk? Simply put, risk is the possibility of something bad happening, from unpleasant to disastrous. The degree of risk depends on the outcomes. Similar to aviation, pilots follow the basic premise of ANC (aviate, navigate, communicate). So, analogous to managing risk in an ecosystem, we need to be able to manage our ecosystem (aviate), determine which strategic direction we need to go to (navigate), and ensuring everyone on board knows what to do and everyone else knows what we are doing (communicate).

In an industrial setting, whether an energy facility (nuclear or power plant), oil and gas plant (refinery), chemical plant (manufacturing), rail (high or low speed transportation), etc, there has always been an emphasis on safety. Plants must function and be able to respond to sudden crisis events. Rail systems must be able to mitigate impending danger and prevent loss of lives.

And while cybersecurity is increasingly important in an industrial ecosystem, especially since many such ecosystems are increasingly connected (nodes to nodes, and to the cloud), and also interconnected (where facilities are connected remotely by broadband or wire). Pure-play cybersecurity vendors, the likes of Check Point Software and Fortinet are often the mainstay of most cyber-defenses used from banks, schools, governments, and of course, industrial facilities. The other approach of cybersecurity is from the software integrity perspective, from the likes of Synopsys, where the “shift left” paradigm of software testing with the aim to design software right and secure from the start, utilizing a discernment for vulnerabilities and open source software license infringements and more, even testing with just compiled code rather and source.

While these approaches, whether traditional and holistic cyber-defenses, to “shift left”, started from the information technlogy (IT) space, there is another approach that came right from the industrial space, that of integrated industrial safety and security, such as those from HIMA. Such companies cater to safety control systems, embedded safety and security (such as “secure systems on a chip” or SSOC), and even remote management to cater to an increasingly hybrid work environment, or “work from anywhere” (WFA).

The industrial space and the other tech spaces are fast converging, including that of safety and cybersecurity. There will come a time where safety and cybersecurity will become monolithic and expected as a norm for any facility, critical infrastructure or otherwise. That day, seems to be just a fiber or Ethernet cable away.