Integrating Cybersecurity into New Construction Projects, A New Approach to Safety and Risk Management
By Keon McEwen, Head of Product Development, Industrial Cybersecurity
Organizations in critical infrastructure own and operate some of the world’s most critical and vulnerable infrastructure systems, which now face new and evolving threats from cyberattacks, especially in their operational technology (OT) devices, systems, and networks.
As a leader in the engineering, procurement and construction (EPC) industry, Black & Veatch is revolutionizing industrial cybersecurity by moving the “starting line” to the beginning of asset development. By advancing cybersecurity to the forefront of a new construction or major modernization project. Black & Veatch’s holistic portfolio of services enables organizations to plan and design cyber protection during the engineering phase, ensuring that it’s strategically built into the new infrastructure.
This unique proposition is based on the premise that built-in cyber protection is significantly more effective than when bolted on later. This approach “bridges the gap” that organizations in critical infrastructure typically face by making cybersecurity an integral part of the complete EPC process, starting at the initial planning and development stage, rather than being an afterthought once a facility is commissioned. In this manner, organizations are elevating cybersecurity to its proper role of protecting critical infrastructure.
Building in Long-Term Cost Savings
Today’s cybersecurity has a strong emphasis on visibility, control, monitoring, artificial intelligence (AI) capabilities, millisecond threat detection and more. The myriad of devices and tools needed to connect all of this together can be expensive and time-consuming to add to existing facilities, especially for OT devices far out in the field. But with this proactive outlook of integrating cyber into the network as the facilities are being built, organizations have the opportunity to benefit from significant cost savings in the long term.
As cybersecurity emerges as one of the most necessary risk management programs of any organization, it only makes sense to build the best cyber protection into today’s new critical infrastructure – as the facility is being designed and engineered.
As organizations in critical infrastructure continue to implement OT cybersecurity programs in their existing infrastructure, they are becoming more aware of [MRS1] the vital role cybersecurity will play for decades to come. The unique approach of implementing cybersecurity during new construction is crucial as future technology advancements are adopted.
Bridging the Gaps in Meaningful Ways
This comprehensive approach allows organizations to not only perform assessments to identify their gaps, but subsequently also address the design and implementation of the programs needed in the field to fill in those gaps.
When it comes to implementation, organizations should partner with a third-party integrator, that works with technology providers, OEMs, and OT cyber practitioners to ensure the technology and tools installed are not only satisfying requirements of functionality for operations, but are configured, monitored, and tailored to meet industry requirements and cyber resiliency goals. This creates long-term synergies that result in robust and flexible defenses for their assets.
The Benefits of Integrating Cybersecurity into New Construction
Beyond the long-term cost savings, there are a multitude of benefits from designing in cybersecurity during the planning stages. It elevates risk management to new levels as cyber protection takes a seat at the table. Understanding and managing cyber risk translates to a quantifiable view of what risk looks like and its resulting mitigation efforts. Risk management means making the right investments for the future while implementing the necessary security controls.
Facility management can have the confidence of operational integrity by designing a facility that performs as expected, with processes and training in place to alert them of any deviations from the baseline.
A modern facility with built-in cybersecurity can also prevent economic harm. When systems in critical infrastructure don’t perform as expected, the outcomes can be catastrophic. Whether environmental, biological, or economical, the consequences of a successful cyberattack can not only impact the facility, but also the surrounding communities and the people living there. Mitigating and preventing these outcomes should be of utmost importance for the organization’s leadership and the facility’s management.
A Critical Focus on Safety
Industrial cybersecurity is about safety, and safety is vital element at the core of critical infrastructure industries. It is also another risk management program any organization should implement to ensure the safety impacts of OT systems are mitigated and monitored properly. Built-in cybersecurity addresses the challenges of today and gives the facility a big advantage to face the cybersecurity challenges of the future.
To learn more about how Black & Veatch can help design, implement, and manage a robust cybersecurity program for your next new construction or major modernization project, reach out to connect with our Industrial Cybersecurity experts.