This piece was originally published in the November 2018 issue of electroindustry.
Michael Regelski, Senior Vice President and Chief Technology Officer—Electrical Sector, Eaton
Driven by rapid growth in connected, intelligent devices and decreasing costs of computing and connectivity, digital technologies are changing our world and our electrical grid. What electrical manufacturers are able to achieve today far surpasses what we’ve done and represents just a fraction of what we’ll be able to accomplish tomorrow.
At the heart of this innovation are all the “things” that generate, collect, and process data. Forecasts call for 31 billion connected devices by 2020.
In this world of amped-up connectivity comes an increased risk of cyber attacks on critical infrastructure. It only takes a single security breach to impact safety, lifecycle costs, and reputations.
Cybersecurity threats must be met proactively with a systemwide defensive approach specific to organizational needs. When selecting suppliers, it its critical to ensure they have a robust process for designing secure products.
Manufacturers need to address device security. The idea is to make sure all of the components within the power system meet the same high Standards. Electrical infrastructure is often composed of equipment from various manufacturers. If each manufacturer has a different view of what makes a device cyber secure, customers may be concerned about the safety of their installations.
In power distribution and control systems, suppliers who are truly dedicated to their customers’ success need to provide evidence that the products sold comply with industry cybersecurity Standards. This process builds trust and ensures the highest level of defense against emerging cybersecurity threats.
Eaton, for example, has maintained strict procedures at every stage of the product development process for years. This discipline has paved the way for collaboration with UL. We now have the capability to test Eaton products with intelligence or embedded logic to key aspects of the newly developed UL 2900-1 and 2900-2-2 Standards that apply to network-connected power management products.
Our customers across industries don't want to take chances with their systems. Providing independent, third-party authentication offers peace of mind. With products tested in specialized labs, customers can rest easier knowing that devices are compliant with industry cybersecurity requirements before they're installed in critical systems.
We recognize that no protection method is completely secure. A “defense in depth” mechanism that is effective today may not be effective tomorrow because the ways and means of cyber attacks constantly change. This is why manufacturers also need to be ever alert to changes in cybersecurity and work to prevent any potential vulnerability.
In many companies, security is an afterthought, made evident by the number of updates deployed for process miscues. Cybersecurity should be an integral consideration, with strict protocols placed on the people, processes, and technologies at every phase of product creation.
From inception through deployment and maintenance, the modern manufacturer needs to instill cybersecurity best practices via training, threat modeling, requirements analysis, implementation, verification, and ongoing support. Likewise, customers need to make periodic vulnerability and security assessments of deployed solutions on their sites.
The nature of cybersecurity is a continuous journey with constantly evolving complexities, threat scenarios, and technologies. For the sake of our customers and their critical systems, it’s important that we continue to embark on that journey together.