Welcome to the first in a series of six unique articles examining the critical importance of system lifecycle management and analysis to business continuity.
With the pandemic boosting the rise of industrial automation to help protect workers’ health and safety, industrial systems have never been more connected, more digitally influenced, and more remote. However, this can bring as many risks as the problems it solves.
As more and more industrial devices become a part of the industrial internet of things (IIoT), industrial systems can be more vulnerable to cybercriminals and other malicious actors. Managing these risks is more complex than simply investing in a firewall. You need ongoing system lifecycle management and security assessment to assure business continuity: the ability to maintain production safely and effectively.
Disruption to Industrial Systems
There are, of course, many different scenarios that can cause considerable disruptions to your industrial systems. Cybercrime costs American businesses around $3.5 billion a year. $9 million of that alarming total is payments to criminals using ransomware. Ransomware is malicious software or malware that targets systems, shutting them down until a ransom is paid. Because industrial settings have not traditionally employed security practices as rigorous as those implemented by commercial outlets, cybercriminals may be more opportunistic about attacking factories, power plants, and other industrial businesses.
Other cybercrimes include deliberately sabotaging systems, such as the attack on a Florida water plant in early 2021. The chemicals cleaning the water were altered, with the potential to make it toxic for residents. Observant employees noticed what was going on and mitigated the danger. However, the overall assessment of the situation showed that the attack could have been avoided by providing the remote systems software with a more secure configuration.
Transitioning away from discussing the digital world, other factors could cause significant disruption to production or even threaten the safety of your employees or assets, including:
- Terrorism or terrorist threats to your outfit and surrounding businesses
- Extreme weather events, such as floods and hurricanes
- Pandemics, such as the COVID-19 situation
- The failure of equipment
- Disgruntled or resentful employees
Risks to any industry run from the catastrophic to the thoroughly mundane, requiring complex contingency plans.
The Impact of Disruption
When disruption is so common, why do we put so much effort into avoiding it? The actual business impact of failing to mitigate against disruption hinges on one question: If production stopped at your facility right now, how long could you go without losing clients, customers, or even employees? The consequences of an interruption in operations can include:
- Severe financial implications
- The loss of faith with clients or users of your products and services
- The loss of contracts and bids if you’re not seen as secure
- Employees may move to the competition if they don’t feel as safe or secure
- Negative impacts within the surrounding community
Consider the example of SandWorm. An international group of cybercriminals developed malware and other malicious infiltration techniques over several years, eventually culminating in the ability to completely take down a power plant in Ukraine. This caused a blackout for around 80,000 people for at least six hours. It’s easy to assume that “It couldn’t happen over here,” but the fact is that without proper asset and lifecycle management and effective cybersecurity, any industrial outfit is at risk. The Colonial Pipeline attack of 2021 is proof of that. It’s thought that the hackers gained access to the industrial systems via a dark web leak of data. This data leak could potentially have been prevented with more robust lifecycle management.
How Asset Management Solutions Help
A thorough asset and system lifecycle management solution has to examine all the devices within your industrial system. That includes any industrial automation and all the devices, remote and onsite, that connect to it. It involves assessing third-party software and how effective the security is. It may also include how the factory floor would deal with an explosion. In the food and beverage industry, flour can cause enormous explosions. Assessing whether intrinsic safety protocols or explosion-proof devices are best could be one aspect of asset management. Lifecycle management also has contingencies for when things do go wrong. Disaster recovery plans can help industries get back on their feet quicker.
ICA Engineering’s System Life Cycle Analysis Service — An Introduction
ICA Engineering can assess your current system and help you make the changes that will future-proof your business. Examining legacy systems and seeing what can be changed or replaced to align with current security regulations is a start. That also applies to every part of your industrial systems. Every switch and every drive that’s connected to your control system is a vital part of the whole, so ICA ensures they’re all up to standard and helping you maintain business continuity. The main steps in the process are:
- Evaluation — what do you have now, and what condition is it in?
- Gap analysis — what are you missing?
- Risk analysis — what could go wrong?
- Remediation planning — how can we help you mitigate those risks?
If this article has got you thinking about risk mitigation or your industry, look for the next installment, in which we’ll explore key considerations around security and other concerns. Contact ICA for more information if you want to know more about protecting your business’ continuity through a comprehensive asset management solution.