What's missing from the phrase, 'Health, Safety and Environment” (HSE)? The answer: 'security.' Or better yet, cybersecurity. I live for the day when organizations cannot think of HSE without also thinking cybersecurity, especially on the operational technology (OT) front.  

I know from personal experience that the clients and industries I work with are obsessed with safety, and for good reason. One mistake at a manufacturing plant, a refinery or in a distribution system could cost lives and wreak havoc on the environment.  

An issue that affects everybody

Energy generation and transmission systems, hospitals, life sciences companies, water supply systems, the data centers that serve our internet needs are all essential to our everyday lives and our health and safety. I love the culture I see in all of them. You know how important safety is when you visit these places, which I've done a lot. You need to go through a safety briefing before you can even set foot on a production floor. But they don't often talk about safety in terms of security. Hate to say it, but cybersecurity is too often an afterthought, even during big mergers and acquisitions, which I find surprising.  

<<< Start >>>

You can have a failure because you didn't change the lubricant in a machine, and you can have a failure because some kind of cyber event disrupts that machine or every machine in the factory: either way the outcome is a loss of operational integrity.

<<< End >>>

This is precisely why cybersecurity needs to carry the same priority as personal safety. Every day, industrial operations face threats from ransomware, insider attacks and attempts to remotely take over or disable their operations. There's absolutely no question that if any of these attacks are successful, HSE issues will follow. 

Not long ago, a ransomware attack on Ireland's health system caused the shutdown of all its IT infrastructure nationwide. It was the largest known attack against a health service computer system and took four months to completely remediate. Of course, the SolarWinds attack is more well known, and for good reason: it impacted tens of thousands of companies. And as we all have seen, ransomware attacks know no boundaries, as one caused the shutdown of critical infrastructure moving gasoline, jet fuels and refined products from the southern United States up the entire East Coast. This further illustrates my point that HSE should really be HSES: Health, Safety, Environment and Security.

Cybersecurity is a little like fishing

Fishing ever since I can remember has taught me to be patient, persistent and prepared, because you never know when you will hook the big one! It is the same with cybersecurity. Cyber criminals are getting smarter every day, and to make things worse, emerging threats have no expiration date. So, in this example, we are the fish and they are the angler. The 'wiper' software coming out of Ukraine will remain available indefinitely. Some groups may improve on it, some may reuse it, some may even 'rent' it—but rest assured, it will be available 'off the shelf' for many years to come. 

This brings us to operational integrity

The concept of operational integrity is something we're going to be talking a lot about at our upcoming OperationNext:22 summit, an annual virtual event focusing on OT cybersecurity. To be held this year on March 23, it will bring together board members, industry luminaries, forward-thinking CISOs and Accenture subject matter experts to discuss practical ways to cyber-secure OT networks. The tracks include designing resilient architecture, building an OT security program from the top down and implementing effective end-to-end OT SecOps.  We’ll conclude the day with a special session: Critical Infrastructure Cyber Sprints—What’s Next? This will include government and industry leaders discussing the U.S.’ 100-day cybersecurity sprints, what’s next for hardening the most vulnerable critical infrastructure and strategies for developing cyber standards in a heightened geopolitical threat environment. 

All these subjects will help you on your journey to operational integrity.  

Final word

Transportation, banking, Internet, fuel to heat our homes, water to drink and grow our crops—none of this works without critical infrastructure, and all are vulnerable to cyberattack. This is why cybersecurity should be a critical part of HSE planning, or should I say HSES?   

For more on OT cybersecurity, please consider attending our virtual summit on March 23, 2022.  

 

Accenture Security is a leading provider of end-to-end cybersecurity services, including advanced cyber defense, applied cybersecurity solutions and managed security operations. We bring security innovation, coupled with global scale and a worldwide delivery capability through our network of Advanced Technology and Intelligent Operations centers. Helped by our team of highly skilled professionals, we enable clients to innovate safely, build cyber resilience and grow with confidence. Follow us @AccentureSecure on Twitter, LinkedIn or visit us at accenture.com/security. 

Accenture, the Accenture logo, and other trademarks, service marks, and designs are registered or unregistered trademarks of Accenture and its subsidiaries in the United States and in foreign countries. All trademarks are properties of their respective owners. All materials are intended for the original recipient only. The reproduction and distribution of this material is forbidden without express written permission from Accenture. The opinions, statements, and assessments in this report are solely those of the individual author(s) and do not constitute legal advice, nor do they necessarily reflect the views of Accenture, its subsidiaries, or affiliates. Given the inherent nature of threat intelligence, the content contained in this report is based on information gathered and understood at the time of its creation. It is subject to change. Accenture provides the information on an “as-is” basis without representation or warranty and accepts no liability for any action or failure to act taken in response to the information contained or referenced in this report. 

This document is produced by consultants at Accenture as general guidance. It is not intended to provide specific advice on your circumstances. If you require advice or further details on any matters referred to, please contact your Accenture representative. 

Copyright © 2022 Accenture. All rights reserved. 

Jim Guinn

Senior Managing Director – Security, Strategy & Consulting Lead, Accenture

Subscription Center
Subscribe to Security Blog Subscribe to Security Blog