Industrial Automation Security: Why It Must Be a Top Priority

In the wake of COVID‑19, industrial automation has accelerated faster than ever. While this shift boosts efficiency, it also introduces new security risks that can jeopardize mission‑critical operations.

“When it comes to automation and industrial control systems (ICS), there is no doubt haste makes more than waste,” cautions Dan Miklovic, analyst at the Analyst Syndicate. “It can lead to catastrophic or even deadly outcomes.”

Historically, human oversight kept critical systems running. Chris Catterton, director of solution engineering at ONE Tech, notes that automated monitoring now outperforms manual checks—detecting a torque value a few pounds off or a high‑frequency bearing squeal that a human ear cannot hear.

Yet, neglecting security in automation can be perilous. Hobbyist electronics simplify machine control but also expose familiar attack surfaces. Miklovic warns that plug‑and‑play solutions lacking built‑in security open a floodgate of vulnerabilities. Catterton adds that such products can become a playground for cyber‑criminals.

AI Deployments Require Careful Oversight

Rushing AI into industrial workflows is risky, especially when data‑science talent is scarce and experienced operators are sidelined by COVID‑19 restrictions. Miklovic stresses that trainers often miss critical safety information, leading to unsafe AI behaviour.

Even in optimal conditions, software can contain 1–10 bugs per 1,000 lines of code—see “The Fifth Domain.” Mission‑critical systems like spacecraft still exhibit this defect rate. With millions of lines of code, the margin for error shrinks; failure can be catastrophic.

History offers stark reminders. The 1996 Ariane 5 disaster cost about $300 million when reused software failed to handle the rocket’s higher launch speed. The 2019 Boeing 737 Max grounding cost Boeing $18 billion after outsourcing software to $9‑an‑hour developers, leading to two fatal crashes involving 346 victims.

Remote Access Expands the Attack Surface

Expanding remote access, often via tools like Zoom, can expose trade secrets and operational data to cyber‑criminals. Miklovic points out that public‑internet exposure of control systems is a “known attack target.” Mark Carrigan, COO of PAS Global, notes that such systems act as the last line of defense for processes operating beyond their limits, and therefore must be tightly secured.

Phishing attacks also rise as more employees gain privileged access. Carrigan warns that social‑engineering campaigns can harvest credentials to infiltrate control environments through increasingly accessible remote gateways.

Sector‑Specific Threat Landscape

Critical infrastructure—nuclear, oil, and chemical plants—typically has established protocols and regulatory oversight, making them less prone to rapid change. Energy utilities, for example, must comply with FERC and NERC cybersecurity standards.

Conversely, HVAC, lighting, and plant systems have long been remote‑managed and may be less affected by social‑distancing mandates. The “middle tier” of industrial operations is experiencing the most rapid automation and remote‑work adoption, driven by pandemic pressures, says co‑founder of the Analyst Syndicate, French Caldwell.

Strategic Considerations

Each organization must balance the benefits of digitization against the risks of slow or rushed deployment. “Automation is becoming inseparable from physical assets,” says Nitin Kumar, CEO of Appnomic. “Failing to integrate adequate digital processes will create an inefficient operating model.”

Collaboration between engineering and IT is essential, especially during crises. Caldwell urges joint teams to align reliability and security with system criticality. Post‑pandemic, firms will have the bandwidth to reassess and expand automation and remote access, enhancing resilience against unforeseen contingencies.

From a business perspective, stakeholders demand higher resilience amid uncertainty. Kumar notes that shareholders will continue to push for robust automation, while security must be built into the design from day one. Sean Peasley, partner at Deloitte, emphasizes that “security should be a functional requirement from the outset,” not an afterthought.

In summary, industrial automation can deliver remarkable gains—but only if security is embedded in every phase of deployment. Careful planning, rigorous testing, and cross‑departmental collaboration are the keys to safeguarding operations while reaping the benefits of automation, AI, and remote access.