Standards for safety and security

Standards help maintain data confidentiality and keep operational technology running

As the world adjusts to living during the COVID-19 pandemic, the need to access and use technology has rarely been more critical: for work, for education, and in healthcare, where it helps patients and protects healthcare workers.

Protecting data
Standards help IT and OT environments remain secure and functioning

Technology touches many aspects of our lives and generates masses of data. Statistics show that currently 3,5 billion smartphone users send messages, upload video and photo content and use other apps on their phones which create data. We use medical devices to monitor our health. The data gathered is stored and can be shared with healthcare professionals and used for research. We also make online purchases, reservations and financial transactions. To carry out all these activities, we must trust the technology with our personal information.

Furthermore, authorities, businesses and industry are increasingly implementing data analytics to improve their products and services. An IDC report indicates that worldwide big data and business analytics (BDA) revenue will be worth USD 274,3 billion by 2022. It underlines that banking, discrete manufacturing, professional services, process manufacturing, and federal/central government currently make the largest investments in BDA solutions.

Concerns around the entire data life cycle, including data quality, how data is generated, stored and shared, who can access it and how it can be used, mean it is vital to ensure data privacy and security.

Added to this, online transactions enable people to do business with people worldwide. As a consequence, a growing number of regulations must be adhered to, such as the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

However, these aren’t the only challenges faced. In addition to IT environments, where the focus is on maintaining data confidentiality, there are operational technology (OT) environments, where availability of data is paramount to ensure that systems can continue to produce.

The emergence of the industrial internet of things (IIoT) has resulted in the integration of physical machines with networked sensors and software. This has increased the possibility that computer failures, human mistakes, malicious attacks and natural disasters will affect physical systems.

The growing interconnectedness of technology has exposed manufacturing and industries such as power and utilities, which rely on industrial control systems (ICS) that use OT and IT.

In this issue we look at how international standards help organizations make sure the information they store about their customers, employees and business partners is secure. We examine the ISO/IEC 27000 family of standards, which provides guidance on how to establish an effective framework that ensures conformance with internal compliance as well as with external rules and regulations.

We also learn how critical infrastructure, such as power stations, manufacturing plants and traffic light systems, can be protected from innovative malware that targets industrial automation and control systems (IACS), by implementing the global best practices found in IEC 62443, which is designed to keep OT systems running.

Further, we look at how different IEC international standards contribute to products and systems that are being used to help fight the COVID-19 virus, such as components found in medical devices and robots, the latter of which are starting to be deployed in some intensive care units.