Contractor Cybersecurity Training – Why Do You Need It?

Aug 31, 2017


Today, we are going to talk a little bit about Contractor Cyber Training.  What’s in a good contractor cyber training course?  Why do you need one?  Why aren’t policies, practices, and contract language enough?

Today’s operators of industrial production facilities frequently utilize contract labor.  This means a number of contractors have physical access to the site.  Contractors could include your electrical contractor, your process automation contractor, your instrument and control technicians, or your electrical technicians.

Remember that contractors serve many clients, travel to many sites, and have their own engineering tools, files, and copies of code. If you grant contractors access to your network, you need to perform a level of due diligence to understand what they are going to access, why they're going to access it, and how they're going to do it. When working with contractors, it's important to ask what quality practices they have in place with regard to cybersecurity and your network. Important items to discuss with the contractor are access, authorization, and audit. Additional items can include portable media, downloadable content, limits of authority, use of subcontractors, and how the contractor responds to anomalies experienced on the site that can affect the cyber protected system.

exida recommends a simple JCA – Job Cyber Analysis. The Job Cyber Analysis is similar to the Job Safety Analysis. The Job Safety Analysis is the work process that governs personal safety and allows the worker to take personal accountability and responsibility for the tasks being performed. For the Job Cyber Analysis, you will work with the contractor to answer the following questions:

  • How is access granted?
  • What skills are required?
  • What are the limits of authority?
  • What network classification is going to be accessed?
  • Downloadable content
  • Portable media
  • Sign off and Closeout

These are some of the key elements in a JCA that a contractor and a client can work on together to reduce the exposure to their cybersecurity system. The JCA is a critical component of pragmatic cybersecurity, with the right level of detail to control the risks in a meaningful manner.

This is just one more way that exida brings pragmatic solutions to meet your cybersecurity needs.

No! They are not Inherently Safe!

A collaborative robot is intended to work “collaboratively” with a person, i.e. to share a common workspace. It is force and speed limited by design to minimize any potential hazard. Collaborative robots fit the application where the task cannot be easily or cost-effectively automated. They are easy to deploy, program and repurpose. Collaborative robots are new to everyone, including the standards agencies.

A hazard and risk assessment is required that assesses the robot and the environment that it is deployed in. Just as with any other robot, things such as collisions, speed, type of end effector and worksite need to be evaluated. Collaborative robots have their own sorts of collisions and hazards. They may not be as severe, but they still exist.

This all comes down to risk and the amount of risk that you are willing to accept! The diagram below shows the high-level steps for doing a Hazard and Risk Assessment. When following the steps, if you assess the risk and find it to be acceptable (by your company's acceptable risk norms), then you are done. No need to add any risk reduction.

The next best approach is to determine if protective measures other than a Safety Function can reduce the risk to an acceptable level. If not, then you must assign a SIL and implement a safety function that will provide the required risk reduction.

exida can effectively train your team to perform machine hazard and risk assessments to identify all possible hazards and estimate the risk for each hazard. Specifically, exida coaches you through the process of evaluating the risk, developing and implementing risk reduction options. exida can also educate your team in multiple approaches to SIL target selection. These are just some of the things exida does to ensure you are on the right path!
