As I consult with clients I talk about people, process, technology, but I also bring up cultural change within Industry, Business, and Society in an effort to help Executives, Managers and Operators of Industrial systems to start to understand how they can affect change to be able to adopt a culture that is focused on secure protection of their systems to the same extent they have a culture today towards safety.

Safety and Security go hand in hand.

As we are directly inside the fourth industrial revolution, Industry 4.0, I look to history to teach me, to remind us that cultural changes have always happened throughout history. If we reflect on the past, we can clearly see our future as history tends to repeat.

I hear often from clients that cyber security cannot effect change or block any network traffic within their Cyber Physical systems, because they are engineered for purpose, and such changes or blocking could cause significant outages, impact operations, and potentially cause safety issues to human life on the plant floor or operations. Automation in context to security is a dirty word to operators, I try not to use the word, yet work to imply the industry is changing, and culture is changing. We all adapt to change, some embrace it, deny it, or simply don’t want to accept it. Change for most of us isn’t embraced until we gain understanding and convince ourselves that it is needed. I knew for a long time that I needed to change from my previous employer of 19 years to change myself for the better, what held me back, was fear, uncertainty and doubt. I doubted in myself that I could change.

Let’s use one example of where safety culture originated, during 1919 in Canada, many men were returning home from World War I. They came home to a devastated country, that was in economic ruin with inflation running rampant. Many of these men couldn’t find jobs, and even if they were employed, they couldn’t make ends meet, didn’t have proper food or shelter, they faced discrimination because the workforce were mainly immigrants. If they found a Job in Winnipeg, the conditions they worked under were harsh and many of these men lost their lives to the equipment and systems they were operating at the time. Winnipeg was the Industrial center of Canada at the time.

I am a Proud Canadian and a world citizen, I work in Security, and more specifically Cyber Physical systems Security because I love life, people, and the world we live in. I hope my efforts help make this world a better place for all of us. 30,000 people in Winnipeg wanted a better life, and they fought for it, which helped change culture for the better.

Police Action during Winnipeg General Strike, 1919 – Wikipedia

The Winnipeg general strike of 1919 was one of the most famous and influential strikes in Canadian history. For six weeks, May 15 to June 26, more than 30,000 strikers brought economic activity to a standstill in Winnipeg, Manitoba, which at the time was Canada’s third largest city. In the short term, the strike ended in arrests, bloodshed, and defeat, but in the long run it contributed to the development of a stronger labour movement and the tradition of social democratic politics in Canada. – Wikipedia

As a direct result of the strike, during the second industrial revolution, the labour movement helped create the safety culture we have in Canada and around the world. Similar strikes happened around the world, The workers conditions improved over time, to where safety culture is systemic within the culture of all operational organizations today. I personally embrace companies that enforce safety briefing prior to being allowed on-site to any of their locations because I cherish human life, and understand the history behind safety culture and how it was born.

Today, during the 4th Industrial Revolution, Industry 4.0, systems are being interconnected to bring about digital transformation, which collapses business silos of the past (People), interconnects systems from customer relationship management, supply chain systems, manufacturing resource planning, process automation systems, and physical (Processes). In many cases Technologic change also is happening within these systems at the same time, bringing about changes where people are asked to embrace technology they are unsure of because they lack knowledge of these systems, and lack cross-domain expertise within the Information system to have confidence in their deployment within their domain, Operations.

Proposing systems that create automated change clearly at this time is rejected because we are in the middle of a transition, and we haven’t mutually learned enough yet to be able to embrace this change.

Going back to the Winnipeg General strike, change was slow, yet change happened. Today, we would never allow companies to operate the way they did in 1919.  It took empathy, cross-functional knowledge, cross-domain knowledge and a desire for change across the entire Industry, and people embracing change from the executive management to the workers to enable a safety culture, which is systematic today.

Security of Cyber Physical Systems has evolved from segmentation of processes in the network (Zones, Cell Areas), to network visibility, and Intrusion Detection Systems. All these systems were very much passive systems that required human intervention. As digital transformation accelerates these systems of the past can not keep up with the current or future needs of our system automation. We need to think of Systems of Systems, and System Automation as a whole, meaning Security should be considered for automation just like all other processes. The key here is measurement, accuracy, and alignment to Safety.

I use the words system automation, because transitioning from the second to the third industrial revolution, which is computerization of processes and physical systems in the 1970s to 2000’s required cultural change to be able to accept automated computer systems that control physical processes.

I wasn’t in the industry in the 1970’s, but I am certain that there was push back then in terms of change. Engineering always used physical systems and physical safety via physical means. I am sure it took a leap of faith for those engineers to accept computerization, cultural change happened during this stage of the industrial revolution just as cultural change is happening today.

We are on the cusp of the next evolution, which is active participation that brings context to process automation, and all systems associated with the physical processes of producing products, widgets, and outputs for Industrial organizations. We have automated processes in the 3rd industrial revolution slowly based on building trust for computerization, to the point now where no one would consider building a plant or operations without use of automation today.

Trust, and building trust between domains and functions within business will allow us to embrace the change required to go from passive controls where human intervention is required every time, to semi-automated controls where Risk is calculated, controlled and understood to be able to protect systems from common attacks, and concerns. It’s not to say that everything at this time will be automated, it will take time, it will take trust, and it will take understanding across the entire organization from the executives to the operators of these systems and processes.

My message to all of us today is to not fear change, nor doubt it. Question it, analyze it,  be critical of it, help guide it, but don’t try to stop it. Change is inevitable. Just as Automation was the future in the 1970s, Cyber Physical automation is today, and Cyber Physical Security automation is the future we are all headed towards. Embrace change, create the future. S4’s tagline this year really struck me, we are all responsible for creating the future. Let’s leave it better than we found it.

Michelle Balderson

Michelle Balderson is a unique, passionate, highly motivated individual who cares about people. I'm diverse by nature and strong to my core. Supporter of Diversity & LGBT+ Full of color and emotion, while being very focused on Business Outcomes. Strategic advisor with depth of skill within Information Technology and Operational Technology Security. Highly passionate individual who cares about people, while bringing focus to people, process and technology to help solve our business challenges today. Too often we are led by hype of the Industry, rather than focusing on process. It's imperative that we gain visibility to bring control to our environments where we have actionable intelligence to make strategic business decisions and changes to strive and grow within this ever complex and competitive business environment. Security should be a part of the fabric of business, rather than a bolt on after thought. My objective in life is to ensure Security is elevated beyond the product and technology approach most organizations take today. Security should be a trusted advisor to the business. Michelle is a seasoned professional who is process driven with a technical acumen. She is currently Global Security Executive at OTORIO, where she focuses on consulting Enterprise clients on Risk to their Operational Environment. She’s known for her knowledgeable approach to security solutions well beyond simple technology discussions. She coaches clients to think beyond the technology, focusing Risk to the business objective, in combination with foundational security principals. She strongly believes it is important for you to understand what assets need to be protected, why they need to be protected, and what Risks in context to Business Objectives. Michelle has supported the deployment of cybersecurity solutions for IT and OT organizations globally. She is known for thinking beyond technology to the people, process and corporate culture that will be impacted with change. She is driven to align projects to the business objective and desired outcome rather than industry hype.