PS: We seem to be living through a moment where physical security is pushing cyber from the headlines. If plants are not preparing for a worst-case scenario from a bombing attack via drones, as happened about a year ago in Saudi Aramco, they’re also adjusting to this post-COVID world, where health and safety best practices are evolving quickly. So given these pressures, how are plants balancing their cybersecurity efforts with these new and more physical threats?
BD: That is a good question. I would actually push back on that question slightly. I think there is a perception that cyber is being pushed from the headlines slightly, but what I would say is that, from our experience, the number of cyber attacks continues to rise year on year. And the impact of those attacks also continues to rise, whether that’s safety impact, business impact, or financial impact.
We see lots of incidents, but there’s no obligation for the owners and operators to disclose the incident. The incidents that you see in the media are often just a small percentage of the incidents that you actually see in the public eye. We know of many serious incidents that you’ll never read in the headlines and for good reason, really. So, what I would do is say that cybersecurity is still a priority for many organizations. It’s their number one risk, and it’s something that they’re dealing with every day.
PS: How are advances in cybersecurity enabling improved energy management by plant teams?
BD: Energy management is all about understanding your assets. It’s not just about how much energy is being generated and consumed, but working out why you’re using so much energy, how are you consuming it, and how you can consume it better. So, it’s not just monitoring your energy usage – you’re optimizing how you use that energy, how you generate heat, and how you store energy as well on your industrial site.
What this means is that you’re connecting more of your assets together to collect valuable data, and this data becomes very valuable to the organization. Owners and operators need to consider the criticality of that data and the benefit to the organization. Should that data be corrupted or no longer available through the cyber attack, then what would the implications be to the organization?
It’s not just an operability issue, it’s an information security issue on that critical data. What ABB do is, they approach this by making sure that those digital solutions have cybersecurity embedded into them. We have minimum cybersecurity requirements for products, projects, and services that align with industry best practice, so that we can ensure that any products or projects that we deliver have been tested for security.
PS: What are one or two things that you would recommend to plant teams who are starting that journey for big data and remote analytics?
BD: Ask the question, “What is the problem that I’d like to solve, as a result of implementing digital where any other solution couldn’t?” If you’re already on that journey, I would be looking back and reviewing and saying, “Does my digital solution so far answer the question? Is it solving the problem that I want to solve as a result of a digital solution?”
In a recent study, we found that less than 20% of organizations have more than a third of the employees actually trained in digital, and trained in their digital strategy as an organization. But, more than 60% of our customers actually have a digital strategy, so there’s a mismatch between customers in heading out on the digital journey, but not really taking their employees with them. If you’re already set out on your digital journey, I also would look back and say, “Are my employees aligned with our digital strategy, and trained to understand it and sell it to their customers in the wider organization?”