Authorized Rockwell Automation Distributor


Shop Rockwell Automation Products


Rockwell Automation Company Banner





Rockwell Automation is a leader in automation. The company's domain expertise is built on decades of work across all industries and all regions of the world. They understand the factory floor and the business models that make it the most productive - and are fluent in the real-world production challenges customers face. Rockwell Automation also knows how to identify critical data, what it means and how to make it useful to industrial and enterprise users.

Rely on Rockwell Automation to provide a full scope of capabilities to deliver the solutions and services you need now and in the future.




ROCKWELL TRAINING

FactoryTalk
FactoryTalk View ME & PanelView Plus Programming
Joplin, Missouri
View Details
Studio_5000_Training_Profile
Studio 5000 Logix Designer Level 1: ControlLogix System Fundamentals
Cape Girardeau, Missouri
View Details
Studio_5000_Training_Profile
ControlLogix/Studio 5000 Logix Designer Level 2: Basic Ladder Logic Programming
Cape Girardeau, Missouri
View Details
Powerflex_Training_Profile
PowerFlex® 750-Series Configuration and Startup
Springfield, Missouri
View Details
Powerflex_Training_Profile
PowerFlex® 750-Series Maintenance and Troubleshooting
Springfield, Missouri
View Details
Studio_5000_Training_Profile
Studio 5000 Logix Designer Level 1: ControlLogix Fundamentals and Troubleshooting
Cape Girardeau, MO
View Details
Control_Wiring_Training_Profile
Basic Electrical Concepts
Cape Girardeau, MO
View Details
Studio_5000_Training_Profile
Studio 5000 Logix Designer Level 1: CompactLogix Fundamentals & Troubleshooting
Joplin, Missouri
View Details
Show All



ROCKWELL INSIGHTS

Is Your OT Software a Risk? Here's How to Tell

  • Aug 12, 2024, 12:35 PM

Does your OT cybersecurity strategy include routine software and hardware updates? If not you could be risking a fine of €10 million or 2% of global annual turnover1.

Why? Simple. By October 2024, all EU member states must have passed the EU’s Revised Network and Information Security Directive (NIS2) into law. And the new directive specifies fines of either €10 million or 2% of global annual turnover for organizations in breach of its rules. One of those rules clearly states that organizations that fall under the directive must have cybersecurity policies that include: 

“…cyber hygiene policies comprising of a common baseline set of practices, including software and hardware updates…”

More organizations than ever before are covered by the updated directive. This includes entirely new sectors such as telecoms, chemicals, wastewater, and food — all deemed either “essential” or “important” to the security and economic life of the EU. Article 7 of NIS2 further reinforces the fact that more organizations than ever will be impacted by the new directive: 

“The national cybersecurity strategy shall include strengthening the cyber resilience and the cyber hygiene baseline of small and medium-sized enterprises, in particular those excluded from the scope of this Directive…”

Bottom line? Almost every organization that runs operational technology in the EU needs to start thinking now about getting NIS2 ready or risk the consequences of a breach. 

Why are software updates a risk under NIS2? 

Operational technology (OT) organizations, whether manufacturers or infrastructure providers, often have hundreds or even thousands of devices on site. A recent report by McKinsey estimated that some energy installations have as many as 30,000 connected devices2.

Many of those devices may also contain smart, connected components including variable frequency drives, industrial switches, programmable controllers, industrial PCs, and so on. All these components may also have their own software and hardware.

Even smaller installations, including ones with relatively small production environments, may have hundreds of OT devices, unmapped and unmanaged. And if even one of these devices is running out-of-date software and that leads to a data breach, operational outage, or other significant problem, that’s a potential breach of NIS2, and subsequential fine.

How to mitigate risk and stay on the right side of NIS2 

The easiest way to mitigate the risk posed by out-of-date software, is to work with an IT cybersecurity specialist. The best way to do that is with a subscription that covers maintenance and updates.

With the right maintenance subscription, you get:

  • Instant access and push-installation of the latest software and firmware updates, which helps keep a pulse on the dynamic OT cybersecurity threat landscape. Instant access to the latest software and firmware updates is crucial because it helps ensure that security patches and enhancements are applied as soon as they become available. This immediacy can significantly reduce the window of opportunity for cyber attackers to exploit known vulnerabilities. Push-installation further streamlines this process by automating the update deployment, confirming that all devices within the OT environment remain at their highest security posture without requiring manual intervention. 
  • Support from industry-leading security engineers and consultants: the complexity and specificity of OT systems demands a high level of expertise to navigate their unique security challenges. Access to industry-leading OT security engineers and consultants provides organizations with a wealth of knowledge and experience to draw upon. These experts can offer tailored advice, from strategic planning to incident response, helping ensure that security measures are not only compliant with the NIS2 directive but also aligned with best practices and the latest research in the field. Their support can be instrumental in identifying potential vulnerabilities, recommending mitigation strategies, and enhancing the overall resilience of OT environments against cyber threats.
  • Tools that make finding and securing all your devices easy and fast: these tools enable organizations to maintain an up-to-date inventory of their OT assets, monitor their status in real-time, and swiftly identify any irregularities that could indicate a security breach. By simplifying the process of securing OT devices, these tools not only enhance operational efficiency but also confirm that all components and equipment, regardless of their role or location within the network, are adequately protected. 
  • To get you ready for NIS2, the right OT/IT consultant will help you audit your network to find any hardware, firmware, or software risks. They’ll then work with you to plug these gaps, document your security and compliance work, and bring you up to code for NIS2. 

Rockwell Automation is one of the market’s leading providers of OT security, compliance, and risk management services. Our specialists, consultants and engineers have the tools, experience, and technology to help you get ready for NIS2. That includes everything from formulating compliant policies and procedures, through rapidly discovering and updating obsolete software and firmware, network wide, right up to the task of hardening and documenting your security posture for NIS2 compliance. 

1 Directive on measures for a high common level of cybersecurity across the Union (NIS2 Directive) - FAQs

2 By 2025, Internet of things applications could have $11 trillion impact

To find out how we can help with your cybersecurity hygiene including having your software and firmware up to date and address the many other aspects of hardening your OT cybersecurity posture in preparation for NIS2, get in touch with us now. 

Learn more about the EU-US Join Cyber Safe Action Plan HERE.

Article Source: Rockwell Automation