Electricity + Control December 2017

CONTROL SYSTEMS + AUTOMATION

secure. However, it is possible and rea-

while promoting safety, security, business confi- dentiality, privacy, and civil liberties.

sonable to develop and implement cybersecurity programs that balance cy- bersecurity with the needs and capabilities of your organi- sation. By implementing cyberse- curity programs organisations can drastically reduce both the number of security incidents affecting their operations and the impact of such in- cidents. Developing or just improving cybersecurity programs will also make it easier for the organisation to innovate, taking advantage of new technologies that can lower operational costs while delivering better services to employees, partners, customers and citizens. Conclusion My goal with this article is to promote and improve a cybersecurity culture that will lead to the development of cyber- security programs for any organisation, no matter the size and industry sector – with ultimate goal to protect critical infrastructure in Africa (South Africa). In order to be fully effective, cyber- security programs in your organ-

Focus on cures, not remedies Industrial cybersecurity is roughly a decade behind the maturity level of IT security in many ways, in- cluding organisational development, funding, availa- ble tools and skilled resources. IT has historically al- located 5 to 10% of its total spend to cybersecurity, but OT has had no corresponding budget because there was no perceived cyber threat. Justification for funds continues to be challenging in many coun- tries and organisations are regardless of where re- sponsibility for industrial cybersecurity lies. With software and hardware life cycles running into decades, the ICS environment maintains a more diverse collection of legacy systems creat- ing a larger and complex list of variables to check potential impacts against. Considering the above challenges, it is important to keep in mind that ICS cannot be secured without developing and implementing a coordinated and iterative industri- al cybersecurity program. Furthermore, industrial cybersecurity programs should always be part of broader ICS safety and reliability programs at both industrial sites and enterprise cybersecurity pro- grams, because cybersecurity is essential to the safe and reliable operation of modern industrial processes. If ICS is not safe, it is not secure. Securing ICSs in the era of IT/OT convergence is a great responsibility that requires coordinated efforts of many national and organisational re- sources and often changes in cybersecurity cul- ture that introduce a new way of thinking. This shift in thinking has to involve departure from wrong belief that purchasing expensive technolo- gy will ultimately protect critical infrastructure and solve all cybersecurity issues to focusing on use of available technology in more secure ways. Tech- nology is just one puzzle and available to help peo- ple and organisations with cybersecurity. Further- more, protecting critical infrastructure in a digitally connected world is not a one-time project, but an ongoing process with no end date. It is not possible and realistic for critical infra- structure and any organisation to be completely

isation must include protection of information, technology, people and facilities.

Goran Novkovic, MSc, ITIL, CQA, CSQE, PMP, APM, Peng – is Cybersecurity Program Manager at Valiver. Tel. (+1) 647-895-6677 Email goran@valiver.com Visit www.valiver.com

Electricity + Control

DECEMBER 2017

7