Cybersecurity and Workplace Safety
Cybersecurity is essential in maintaining safety in a modern industrial workplace.
Workplace safety has grown in importance over the past few decades to the point where it is a vital issue for both leadership and boards—ethically and legally. Through this focus, the continued improvement of workplace safety has resulted in a steady decline in workplace incidents. For example, in the US, between the years 2000 and 2020, the number of workers rose by 9%. However, the number of workplace-related deaths dropped by 22%.1 It’s a very positive trend. Industrial workplaces, such as manufacturing, utilities, and the resources sector, have taken this one step further and made workplace safety a crucial part of their organisational culture. In these industries, it’s common for all employees to take an active role in ensuring a safe workplace.
Much like the rise of workplace safety, cybersecurity is following a similar trajectory, becoming a leading concern for boards and executive teams. In fact, Gartner® predicts that by 2025, 40% of boards of directors will have a dedicated cybersecurity committee overseen by a qualified board member, up from less than 10% today.2 It’s not surprising. By leveraging data-driven, smart, robotic automation, Industry 4.0 is creating a new paradigm in industrial environments and must come with a new approach to industrial workplace safety. And that means taking a thoughtful, strategic approach to cybersecurity.
Safety and the New Industrial Workplace
Industrial machines were once heavy machinery with electronics built into them, whereas Industry 4.0 has given rise to industrial robots, essentially computers with machinery attached to them. The use of robots in industrial environments is predicted to grow over the coming years to the point where they will be ubiquitous in Industry 4.0 organisations. Industrial robots will become increasingly autonomous through artificial intelligence and much more mobile, cohabitating and working alongside human workers.
As robots and people work more closely together, the risk of an industrial robot causing harm to humans increases. From a cybersecurity perspective, industrial robots should be treated just like any other computing asset and must be secure by design and secure in operation. Industry 4.0 is where workplace safety intersects with cybersecurity. Cybersecurity is now a fundamental requirement for a safe, modern industrial workplace.
A Safe Industrial Workplace Is a Cybersecure Workplace
Would you feel safe riding in an autonomous vehicle at 100mph if you knew its cybersecurity had been compromised? Similarly, would you feel safe working alongside an insecure industrial robot? Gartner predicts that “By 2025, cyber attackers will have weaponized operational technology (industrial) environments to successfully harm or kill humans.”3 The need for cybersecurity in industrial workplaces has never been greater than it is today. Boards have a responsibility to provide a safe workplace, and in an Industry 4.0 world, that equates to a secure cyber workplace.
Industry 4.0 can take the following steps to ensure the safety of its autonomous systems:
- Drive accountability and shared responsibility. Industry 4.0 organisations must have ownership and accountability for cybersecurity from the board down. Typically, organisations will have a Chief Information Security Officer with a company-wide mandate to manage cybersecurity risk and build a security-aware culture. Cybersecurity should be considered a priority and built into every decision made.
- Seek continuous visibility. Seeing everything you have is essential to identifying the diverse range of IoT and robotic devices in modern industrial environments. A device cannot be secured until it is identified. Additionally, continuous visibility provides ongoing monitoring of the device’s behaviour to identify anomalous and potentially malicious activity.
- Leverage microsegmentation. Microsegmentation should be used to isolate and protect each industrial system. Using a next-generation firewall to reduce the attack surface of each industrial system dramatically minimises the likelihood of a system compromise and a threat actor moving laterally between systems.
- Make Zero Trust the standard. Finally, adopt a Zero Trust approach to cybersecurity. Zero Trust is a strategic approach to cybersecurity that secures an organisation by eliminating implicit trust and continuously validating every stage of digital interaction. Ensuring the diverse technologies and dynamic nature of Industry 4.0 will be better achieved by adopting the data and resource-centric approach to a security architecture that Zero Trust brings.
As industrial robots become ubiquitous and their mobility allows for cohabitation in the workplace with people, cybersecurity will be seen as an essential foundation for workplace safety. As a result, Industry 4.0 must begin treating cybersecurity as a workplace safety issue and align its security and safety programs to reduce risk.
1. “Work-related Fatality Trends,” National Safety Council, 2021.
2. “Gartner Predicts 40% of Boards Will Have a Dedicated Cybersecurity Committee by 2025,” Gartner, January 28, 2021.
3. “Gartner Predicts By 2025 Cyber Attackers Will Have Weaponized Operational Technology Environments to Successfully Harm or Kill Humans,” Gartner, July 21, 2021.