Why Should Cybersecurity Matter to You?
IChemE has launched fact files on the importance of cybersecurity in the process industries. Helen Kilbride explains why cybersecurity must be on your radar
THE industries in which chemical engineers work often have complex and critical safety and environmental control systems that must be protected to prevent major incidents. Chemical, biochemical and process engineers must therefore take responsibility for, and work with IT and cybersecurity professionals, to manage the cybersecurity risks associated with these systems.
The benefits brought by new digital technologies are incredible, and are continuing to transform chemical engineering in many ways, for example improving operational efficiency, reducing environmental impact, and allowing internal and external collaboration from any location. With the new opportunities also come new risks and cyber-attacks are a significant threat. The potential impacts of an attack include major safety and environmental incidents, reputational damage, loss of business data, and financial cost. With the overlap between IT and operational technology (OT) systems used by chemical engineers becoming increasingly apparent, it is more and more critical for chemical engineers to become cyber aware.
Ten reasons you must be cyber aware
- malicious remote access is as serious as a conventional process safety hazard;
- phishing or other attacks can compromise plant safety systems;
- change management processes must avoid risks of digital control systems being hacked;
- safe production of chemicals relies on cyber-secure digital tools and data sources;
- plants need physical and digital layers of protection for safe operation;
- production, assets, and safety can be significantly compromised by cyber-attacks;
- process automation and control systems must meet cybersecurity standards;
- remotely accessible measurements and controls introduce cybersecurity risks;
- both physical and digital assets need to be maintained and reliable; and
- incident response planning must consider both physical risks and cyber threats.
What should chemical engineers do?
Chemical engineers should undertake regular cybersecurity training and follow best practice. They should consider the periodic evaluation of system vulnerabilities, implement systems to minimise and manage risks, and detect and respond to security breaches. In short, they should be proactive, ask questions, learn more about the topic and get involved in discussions and planning for cybersecurity, thereby incorporating cybersecurity into their everyday jobs, much as the industry does with safety. Given the number of cyber-attacks on companies and organisations across the globe, companies are taking cybersecurity seriously, and so should our profession.
New cybersecurity fact file series
Developed by IChemE’s Digitalisation Technical Advisory Group (DigiTAG), the new series of fact files provides practical explanations of how chemical engineers can help to prevent and manage cybersecurity risks, including:
- cloud computing and cloud collaboration;
- remote access to IT and operational technology (OT) systems;
- cybersecurity incident response planning;
- data protection strategies and ‘defence in depth’;
- maintaining operational cybersecurity;
- cybersecurity standards;
- cybersecurity education.
DigiTAG urges you to take a look at the fact files which can be viewed on the IChemE website: www.icheme.org/cybersecurity
Are you interested in becoming an IChemE volunteer? Volunteers help strengthen our community and it’s good for your CPD. To browse the latest volunteering opportunities, visit: https://www.icheme.org/volunteering-opportunities
Recent Editions
Catch up on the latest news, views and jobs from The Chemical Engineer. Below are the four latest issues. View a wider selection of the archive from within the Magazine section of this site.
