Max Wandera, Director of the Cybersecurity Center of Excellence at Eaton
Our world continues to become more connected and electrified. In the next five years, analysts like IDC expect 41.6 billion connected devices will generate 79.4 zettabytes of data that will need to be maintained and processed. At the same time, our world is becoming increasingly electrified, and the digitalization of building and transportation systems is steadily increasing. Thus, establishing and maintaining a trusted online environment is a must, and cybersecurity needs to be a critical consideration – just like safety and quality.
In the electrical industry, we see a crucial need for a unified, global cybersecurity assessment standard for connected devices because the security of a system is only as strong as its weakest link. The idea is to make sure all the components within a power system meet the same high cybersecurity standards. Electrical systems are made up of equipment from multiple manufacturers, so having a common standard is vital to create trusted environments.
Device manufacturers have a critical responsibility to ensure all product development follows a proactive and consistent enterprise-wide approach to cybersecurity. Only by adopting a secure-by-design method can we provide customers with confidence that their connected solutions meet rigorous standards to operate securely worldwide. To achieve this, cybersecurity risks should be managed through a Secure Development Lifecycle with protocols in place for threat modeling, requirements analysis, implementation, verification, and ongoing maintenance.
The electrical industry needs a singular path to follow when it comes to designing and developing connected solutions. Having product development processes certified by a third party gives customers confidence that their solutions are compliant with the highest cybersecurity requirements before they ever leave the factory floor.
This isn’t a journey we want to embark on alone. Electrical infrastructure is an ecosystem that is often built upon a foundation of equipment from many different manufacturers. Customers need confidence that each company is delivering technologies that are compliant with industry standards. The bottom line is that all products and solutions need to be developed with cybersecurity in mind and connected products must be uniformly assessed with global standards that can be applied across industries.
Establishing global standards for cybersecurity is a collective effort. For example, we’re working with renowned standards leaders like UL, the International Electrotechnical Commission (IEC) and the International Society of Automation (ISA) Global Cybersecurity Alliance to drive a global conformance assessment standard for cybersecurity within our industry. We’ve also partnered with universities and research institutions to strengthen cybersecurity education and train the next generation of engineers to develop new security strategies for connected products.
The inherent challenge of managing cybersecurity risk is that it is a continuous journey with constantly evolving complexities, threat scenarios and technologies. Together, through partnerships with organizations such as the Cybersecurity Tech Accord, we’re pioneering a new frontier of cybersecurity standardization that requires uniform product and system compliance, process certifications and field assessments – to ensure the connections we make in an increasingly digital world are secure.