[ID] => 10207
[post_author] => 34
[post_date] => 2018-10-15 09:24:17
[post_date_gmt] => 2018-10-15 08:24:17
[post_content] => Back in the days before the internet, restless youths had to make their mischief on the streets, stealing road signs, frightening old ladies or making a noisy nuisance after dark. But with new technology came new ways of making mischief. One of the most remarkable bits of information I have picked up recently is that there are tools available on the internet that will allow anyone to become a hacker in the space of a weekend.
As digitisation and Industry 4.0 concepts gain increasing traction in the dangerous goods supply chain – as we saw in great detail in last month’s HCB – the threat posed by hackers is ever more significant. And it is not just spotty teenagers in bedrooms, generating malware that might just impact your IT systems: there are some nefarious players out there in the dark, who might want to hold your IT system to ransom, and others with more geopolitical aims who may well have a yen to bring down the capitalist system – and your company with it.
So, while we have been talking a lot in these pages about digitisation over the past two years, the conversation has more recently opened up to incorporate cyber-security issues. Not before time, too: don’t forget that all high-hazard facilities covered by the Seveso III Directive in Europe – and similar provisions elsewhere in the world – have a duty to address cyber-security, just as they do physical security threats.
Like many in the business, I suspect, I am not an expert in cyber-security and I console myself by thinking that there is someone in a room somewhere in the organisation with a responsibility (and the knowledge) to take ownership of the problem. At least, I hope there is, because I don’t really have the time – or inclination – to come up to speed on the technical issues involved.
But I did receive some succour from the UK authorities at a recent conference. It reminded me of a time I was sharing a podium with a rocket scientist. I asked him about his profession and he leaned in conspiratorially. “The thing about rocket science,” he said, “is that it’s not ‘rocket science’.”
Similarly, it seems that cyber-security, despite its off-putting name, is not rocket science. For a start, any competent IT department ought to be able to put in place measures to protect against 80 per cent of cyber-attacks very quickly. Covering the remaining 20 per cent may take more time (and money) although, as with physical security, 100 per cent protection is unlikely to be feasible.
With increasing use of remote sensors to deliver data to control systems, many companies are laying themselves open to cyber-attack. Those vulnerabilities have to be identified before they can be managed, just as many companies have to identify and mitigate physical security vulnerabilities. In fact, they may well find that the assessment of cyber-security vulnerabilities is a whole lot easier than doing the same for physical security vulnerabilities, although the response to the assessment will necessarily be different.
But management of change will still be important: any change to a company’s IT network has the potential to open up new vulnerabilities, even if the greatest vulnerabilities will continue to be found at employees’ desktop and laptop computers. Be prepared for more restrictions on how you use the internet at work. Peter Mackay
[post_title] => Digital letter from the editor
[post_status] => publish
[comment_status] => open
[ping_status] => open
[post_name] => digital-letter-editor
[post_modified] => 2018-10-13 14:27:32
[post_modified_gmt] => 2018-10-13 13:27:32
[post_parent] => 0
[guid] => https://www.hcblive.com/?p=10207
[menu_order] => 0
[post_type] => post
[comment_count] => 0
[filter] => raw
Digital letter from the editor
// By Peter Mackay on 15 Oct 2018
This content is for FREE Membership and Premium Membership members only. Log InRegister