Digital Risk Management: It’s Everyone’s Responsibility

Joanne Tanner and Tristan Hunter introduce a new member-led series on digitalisation, and in this first article discuss how you can help improve digital security

DIGITALISATION is transforming chemical engineering, creating a multitude of opportunities and challenges for IChemE members across all sectors. This is why digitalisation has been selected as one of three priority topics by the IChemE Learned Society Committee (LSC). The IChemE LSC Digitalisation Technical Advisory Group (DigiTAG) has been created to raise awareness, and provide insight and guidance for members on this topic.

As part of its work, the DigiTAG will write a new series of articles on digitalisation and digital technologies. We open the series with this article on digital risk management and look forward to working on future articles with special interest groups (SIGs), communities of practice (CoPs), expert members, and IChemE communities.

Your role in digital risk management

Digitalisation is allowing chemical and process engineers to improve operational efficiency, reduce environmental impact, and globally collaborate in ways that have never before been possible. However, these new opportunities also bring new risks. The topic of cybersecurity can be daunting but this need not be the case. Although there are attackers actively searching for ways to compromise manufacturing facilities and disrupt corporate supply chains, there are simple steps we can all take to prevent this from happening, and mitigate the consequences if it does.

It’s important to recognise that understanding, implementing and maintaining digital security is no longer the sole purview of the IT department

The purpose of this article is to raise awareness about the cybersecurity risks associated with digitalisation technologies, and provide a practical explanation of how engineers can help manage this ongoing risk.

It’s important to recognise that understanding, implementing and maintaining digital security is no longer the sole purview of the IT department. Nor is it something that only chemical and process engineers working in operational technology (OT) or process control roles need to consider. Much like health and safety, cybersecurity is everyone’s responsibility. We should all be asking questions, asking for training, and asking how the risks can be managed so we can help realise the benefits of digitalisation technologies. Companies are taking it seriously, and so should we. In fact, it could be argued that engineers are better equipped than most to manage digital risks given our training in, and awareness of, process safety and layers of protection paradigms.

What has changed?

The rise of analytics has driven a huge corporate appetite for access to the data generated by and held in OT systems. The move from proprietary technologies to open standards for control systems has also made it much cheaper and easier to implement the connectivity required to enable this data transfer. However, increased connectivity also means that attackers now also have more avenues to access OT systems too, and the tools and techniques used by attackers against IT systems are now also effective on OT systems.

Table 1 presents some of the publicly disclosed attacks on companies with OT systems. It is unclear if OT systems were compromised in every instance.

1. https://reut.rs/2S72bGA
2. https://bit.ly/3bxj1FO
3. https://cbsn.ws/3eU2vl1
4. https://bit.ly/2S3VNjo
5. https://bbc.in/3v1dOgU
6. https://bit.ly/3fuYOS7