15 – Managing Industrial Cybersecurity Challenges and Solutions with Gavin Dilworth

  • Updated on December 18, 2024  


This week's episode is brought to you by Smithtek.

Smithtek specializes in turn-key hardware and software solutions for remote asset management. Based in Perth, Western Australia, Smithtek offers web-based SCADA systems and supports a wide range of industrial protocols, serving industries like agriculture, mining, and industrial automation. Their adaptable and user-friendly systems make it easy to monitor and control assets—from pumps to sensors—ensuring reliable, real-time oversight from anywhere.

Learn more at: https://www.smithtek.com.au/3g



Phil Seboa and Ed Fuentes bring in Gavin Dilworth, a cybersecurity expert focused on industrial control systems, to discuss the critical aspects of cybersecurity in the industrial Internet of Things (IIoT). Gavin sheds light on the challenges of adhering to standards like IEC 62443, the importance of risk management, and the necessity for collaborative cybersecurity efforts.

Adhering to IEC 62443 Standards

Navigating the complexities of IEC 62443 can be daunting for any organization. Gavin Dilworth explains, "The documents sometimes exceed 300 pages, and many find it overwhelming." To streamline the process, Dilworth recommends focusing on specific sections such as 3-2 and 3-3, which cover risk management and the application of security controls. He also suggests considering the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) as an easier starting point due to its free availability and user-friendly structure. Dilworth advises, "Focus on asset identification, risk scenarios, and risk management processes to build a strong foundation."

Collaboration Across Teams

Successful cybersecurity requires more than just technology; it demands collaboration across diverse teams. Dilworth highlights, "Cybersecurity efforts necessitate collaboration across IT personnel, cybersecurity experts, project managers, supervisors, and engineers." The gap in cybersecurity understanding, especially among process and functional safety engineers, needs addressing. He points out that many sites lack adequate measures, citing examples such as vulnerable modems and the indiscriminate use of USB sticks. Dilworth stresses the role of teamwork, stating, "Engaging all stakeholders in open dialogue and coordinating efforts can significantly enhance an organization's cybersecurity posture."

Importance of Preparedness

One of the biggest hurdles in cybersecurity is overcoming the sense of invulnerability. Dilworth encounters this mentality often, where entities believe they aren't targets for attacks. He counters this, emphasizing, "It's a matter of when, not if." With the increasing sophistication of attacks on critical infrastructure, preparedness is paramount. Drawing from examples like the Colonial Pipeline attack, Dilworth illustrates the potential impact of ransomware and the necessity of maintaining backups. "Implement the 'rule of 3' for backups: a live backup nearby, a copy, and an off-site backup," he recommends. This mindset shift from complacency to proactive defense is crucial for safeguarding against cyber threats.

Key Quote From The Episode

"It's a matter of when, not if." - Gavin Dilworth

Key Takeaways

  • Focus on sections 3-2 and 3-3 of IEC 62443 for risk management and security controls.

  • Collaboration among IT, cybersecurity experts, project managers, supervisors, and engineers is vital.

  • Preparedness is essential; maintain thorough backups and anticipate cyber threats.

Wrap Up

Cybersecurity in IIoT demands focused attention on standards like IEC 62443 for robust risk management, the collective efforts of multidisciplinary teams, and a strong emphasis on preparedness. These measures will ensure your organization remains resilient against evolving cyber threats. Start by identifying critical assets, fostering team collaboration, and maintaining comprehensive backups.

About the Guest

Gavin Dilworth is a cybersecurity expert specializing in industrial control systems at YCSOT cybersecurity with Assessment Plus. Beginning his career in industrial automation, Dilworth transitioned into cybersecurity following a management suggestion. His experience includes working with PLCs, SCADA systems, and program development, making him exceptionally knowledgeable about the intersection of operational technology and cybersecurity.

Connect with Gavin on LinkedIn:

https://www.linkedin.com/in/gavin-dilworth/

About Our Sponsor

Smithtek is committed to providing reliable, Australian-made solutions for remote asset management. Our systems are designed to be intuitive and adaptable, making integration with existing infrastructure straightforward. We prioritize simplicity in user experience, ensuring that our technology is accessible for all levels of technical expertise.

For more information, visit: www.smithtek.com.au.

Phil Seboa

Host

Phil Seboa is an automation enthusiast with a passion for Industry 4.0 and IIoT, with a background in Electrical and Automation. He has worked on projects ranging from electric motor modifications to high voltage transformer solutions for the Australian Power Grid. As a Sales Engineer at Phoenix Contact, Phil gained expertise in edge technology, automation, power reliability, and control systems. Currently, he is excited about the Ignition software platform's potential in the industrial sector and explores home automation using IIoT infrastructure. Committed to continuous learning, Phil actively engages with the automation community, sharing his knowledge and insights. Fun fact: Phil once drove a football team to a sponsored event at Wembley Arena and scored a goal on the pitch.

Ed Fuentes

Host

Ed Fuentes is an industrial automation expert with over 30 years of experience, currently a Technical Sales Executive at Inductive Automation Australia. He leverages Industry 4.0 technology to drive digital transformation in the Australian manufacturing sector. Ed has held key roles at ATS Global and Rockwell Automation, specializing in account management and technical sales. He holds a Bachelor of Engineering and a Post Graduate Diploma in Business Management from Swinburne University of Technology, and is certified in Ignition Core 8.1 and as a Cisco Certified Network Associate. Dedicated to continuous learning, Ed actively participates in industry communities. Outside work, he enjoys exploring culinary places, talking to chefs, and entertaining friends and family with his BBQ skills.
