Industry Sage Media
December 18, 2024
Phil Seboa and Ed Fuentes bring in Gavin Dilworth, a cybersecurity expert focused on industrial control systems, to discuss the critical aspects of cybersecurity in the industrial Internet of Things (IIoT). Gavin sheds light on the challenges of adhering to standards like IEC 62443, the importance of risk management, and the necessity for collaborative cybersecurity efforts.
Adhering to IEC 62443 Standards
Navigating the complexities of IEC 62443 can be daunting for any organization. Gavin Dilworth explains, "The documents sometimes exceed 300 pages, and many find it overwhelming." To streamline the process, Dilworth recommends focusing on specific sections such as 3-2 and 3-3, which cover risk management and the application of security controls. He also suggests considering the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) as an easier starting point due to its free availability and user-friendly structure. Dilworth advises, "Focus on asset identification, risk scenarios, and risk management processes to build a strong foundation."
Collaboration Across Teams
Successful cybersecurity requires more than just technology; it demands collaboration across diverse teams. Dilworth highlights, "Cybersecurity efforts necessitate collaboration across IT personnel, cybersecurity experts, project managers, supervisors, and engineers." The gap in cybersecurity understanding, especially among process and functional safety engineers, needs addressing. He points out that many sites lack adequate measures, citing examples such as vulnerable modems and the indiscriminate use of USB sticks. Dilworth stresses the role of teamwork, stating, "Engaging all stakeholders in open dialogue and coordinating efforts can significantly enhance an organization's cybersecurity posture."
Importance of Preparedness
One of the biggest hurdles in cybersecurity is overcoming the sense of invulnerability. Dilworth encounters this mentality often, where entities believe they aren't targets for attacks. He counters this, emphasizing, "It's a matter of when, not if." With the increasing sophistication of attacks on critical infrastructure, preparedness is paramount. Drawing from examples like the Colonial Pipeline attack, Dilworth illustrates the potential impact of ransomware and the necessity of maintaining backups. "Implement the 'rule of 3' for backups: a live backup nearby, a copy, and an off-site backup," he recommends. This mindset shift from complacency to proactive defense is crucial for safeguarding against cyber threats.
Key Quote From The Episode
"It's a matter of when, not if." - Gavin Dilworth
Key Takeaways
Wrap Up
Cybersecurity in IIoT demands focused attention on standards like IEC 62443 for robust risk management, the collective efforts of multidisciplinary teams, and a strong emphasis on preparedness. These measures will ensure your organization remains resilient against evolving cyber threats. Start by identifying critical assets, fostering team collaboration, and maintaining comprehensive backups.
About the Guest
Gavin Dilworth is a cybersecurity expert specializing in industrial control systems at YCSOT cybersecurity with Assessment Plus. Beginning his career in industrial automation, Dilworth transitioned into cybersecurity following a management suggestion. His experience includes working with PLCs, SCADA systems, and program development, making him exceptionally knowledgeable about the intersection of operational technology and cybersecurity.
Connect with Gavin on LinkedIn:
https://www.linkedin.com/in/gavin-dilworth/
About Our Sponsor
Smithtek is committed to providing reliable, Australian-made solutions for remote asset management. Our systems are designed to be intuitive and adaptable, making integration with existing infrastructure straightforward. We prioritize simplicity in user experience, ensuring that our technology is accessible for all levels of technical expertise.
For more information, visit: www.smithtek.com.au.
MEET THE HOSTS
About Phil Seboa
Phil Seboa is an automation enthusiast with a deep passion for Industry 4.0 and IIoT. With a background in Electrical and Automation, he has worked on diverse projects, including electrical modifications of electric motors and high voltage transformer solutions for the Australian Power Grid. As a Sales Engineer at Phoenix Contact, he gained expertise in edge technology, automation, power reliability, and control systems.
Currently, Phil is excited about the Ignition software platform's potential in the industrial sector. He also explores home automation, using IIoT infrastructure to create practical solutions that enhance everyday living. Phil is committed to continuous learning and actively engages with the automation community, sharing his knowledge and insights.
Fun Fact: Phil once took a football team to a sponsored event at Wembley Arena as a bus driver and scored a goal on the pitch.
About Ed Fuentes
Ed Fuentes is an industrial automation expert with over 30 years of experience, currently serving as a Technical Sales Executive at Inductive Automation Australia. He leverages Industry 4.0 technology to drive digital transformation in the Australian manufacturing sector. Ed's career includes roles at ATS Global and Rockwell Automation, with expertise in account management and technical sales.
He holds a Bachelor of Engineering and a Post Graduate Diploma in Business Management from Swinburne University of Technology, and is certified in Ignition Core 8.1 and as a Cisco Certified Network Associate. Dedicated to continuous learning and innovation, Ed is an active participant in industry communities.
He enjoys exploring culinary places, talking to chefs, and using his various BBQs to entertain friends and family.