The connection between cyber security and the Environmental Health and Safety (EH&S) industry is often overlooked but could have a catastrophic impact on a business’ operations, human health, and the environment. The US Department of Homeland Security (DHS) declared October to be National Cyber Security Awareness Month. Today, Cornerstone looks at the connection between EH&S and computer systems, and at how to protect your business.

In today’s automated world, robotics and computer software control many processes within industrial facilities. This applies especially to production itself, but also to worker safety systems and the monitoring of waste emissions. The solid, liquid, and gas emissions that result from production are often controlled and monitored by instrumentation on equipment such as air scrubbers, wastewater treatment plants, and hazardous waste incinerators.

In 2014, DHS issued Chemical Facility Anti-Terrorism Standards requiring any establishment that possesses significant amounts of certain chemicals to report its holdings and develop a security plan. These plans must include details on securing critical data related to applicable substances.

Worker safety is often protected by energy control equipment, digital air monitoring devices, and safety modes on robotics. All of these types of equipment are becoming smart devices, with embedded processors and communication hardware that make them part of the Internet of Things (IoT) revolution. A cyber attack on these kinds of systems can have serious consequences beyond a mere data leak. A few wrong numbers sent to a hazardous chemical monitoring system, an overload to a radiation detection monitor, or a sudden shutdown of an optical scanner safeguarding a worker’s hands at a drill press station could all have catastrophic results.
Equipping critical infrastructure with powerful security countermeasures is essential today, when anybody can access an unlimited amount of information on objects connected to the internet. In fact, the search engine Shodan can instantly locate objects connected to the internet anywhere in the world. What could a hacker find at your business?

As with all environmental, health and safety initiatives, cyber security starts with top-down integration. Initiatives from the highest levels of management to integrate IoT security into the safety protocols are just the beginning of the protections necessary. Monitoring by in-house or external IT professionals is the major line of defense; however, every employee at an industrial facility should receive thorough training and must be on constant alert for signs of interference in their computer-controlled equipment.

From Cornerstone’s experience, here are a few concrete steps that all industrial facilities can take to secure their IoT devices:
  1. Ensure the process control systems are on a separate server or network from the computers used by office employees, especially those which receive email
  2. Where possible, hardwired connections rather than wireless should be used
  3. Avoid connecting critical systems to outside networks
  4. Ensure a reliable backup power system is in place and well-maintained for all critical cyber systems
  5. Allow only specified, authorized individuals access to the networks
  6. Establish remote access rules and restrictions such as requiring use of a secure connection
  7. Require password changes on a regular basis
  8. Perform periodic audits of cyber security policies and procedures to ensure compliance and report results to upper management