Industry Collaboration is Essential to Secure Our Increasingly Connected World

Michael Regelski, SVP and Chief Technology Officer for Eaton’s Electrical Business

Our world continues to become more connected and electrified. In the next five years, analysts like IDC expect 41.6 billion connected devices will generate 79.4 zettabytes of data that will need to be maintained and processed. At the same time, our world is becoming increasingly electrified with the digitalization of building and transportation systems steadily increasing.

An increasingly connected and electrified world needs trusted environments. Yet, a system is only as secure as its weakest link. Supporting secure connectivity is the most important first step in our industry’s ongoing marathon to harness the full potential of the IIoT. With 95 percent of CIOs expecting cybersecurity threats to increase and impact their organizations, the need for partnerships across industries and communities to innovate and build safer and more secure technologies is essential.

Device manufacturers have a critical responsibility to ensure all product development follows a proactive and consistent enterprise-wide approach to cybersecurity. Only by adopting a secure by design methodology can we provide customers with confidence that their connected solutions meet rigorous standards to operate securely worldwide. To achieve this, cybersecurity risks should be managed through a Secure Development Lifecycle with protocols in place for threat modeling, requirements analysis, implementation, verification, and ongoing maintenance to manage risk. Additionally, companies should take inventory of everything connected to their networks and employ a zero-trust model.

The bottom line is that cybersecurity is a must-have for product development, much like safety and quality. This means strict procedures and cybersecurity protocols need to be integrated at every phase of product development that involve people, processes and technologies.

Unifying global cybersecurity standards for connected products

As more manufacturers and industries build and deploy IIoT devices, the security and safety of systems providing essential operations become more important and more difficult to manage. These complexities are due, in part, to a lack of a global, universally accepted cybersecurity standard and conformance assessment scheme designed to validate connected products. The idea is to make sure all the components within a power system meet the same high cybersecurity standards.

The economic challenges to safeguarding IIoT ecosystems spawn from the complex manufacturing supply chain and the difficulty of assigning clear liabilities to manufacturers and system integrators for any vulnerabilities introduced. Most products and systems assemblies consist of components from different suppliers. Where should the element of trust begin and end if there is no global conformity assessment scheme to ensure that products and systems are designed to be compliant with the global standards defined by the industry?

There are currently a multitude of different standards and regulations created by various organizations, countries and regional alliances across the globe. All of these standards and regulations address the urgent need to secure our connected world; however, they also create the potential for confusion and the possibility of weak links in critical infrastructure ecosystems.

The electrical industry needs a singular path to follow when it comes to designing and developing connected solutions. Having product development processes certified by a third party gives customers confidence that their solutions are compliant with the highest cybersecurity requirements before they ever leave the factory floor.

This isn’t a journey we want to embark on alone. Electrical infrastructure is an ecosystem that is often built upon a foundation of equipment from many different manufacturers. Customers need confidence that each company is delivering technologies that are compliant with industry standards.

Establishing global standards for cybersecurity is a collective effort. For example, we’re working with renowned standards leaders like UL, the International Electrotechnical Commission (IEC) and the International Society of Automation (ISA) Global Cybersecurity Alliance to drive a global conformance assessment standard for cybersecurity within our industry. We’ve also partnered with universities and research institutions to strengthen cybersecurity education and train the next generation of engineers to develop new security strategies for connected products.

The inherent challenge of managing cybersecurity risk is a continuous journey with constantly evolving complexities, threat scenarios and technologies.

This is why we also became a member of the Cybersecurity Tech Accord, an international industry-led working group of more than 145 technology and security companies that promote a safer online world by fostering collaboration and committing to protect their customers against security threats.

As a member of the Tech Accord, we plan to share our industry insights and cybersecurity best practices while continuing to innovate how we can reduce risk for our customers. The Cybersecurity Tech Accord’s focused effort to protect and empower people to improve security fundamentally aligns with our approach to cybersecurity.

Global effort targets secure online environments
