There’s not a workday that goes by without our IoT system architects, AWS specialists, and security professionals doing all they can to ensure that MSA Safety products and solutions are at the forefront of information security management best practices.
So, in honor of October being Cybersecurity Awareness Month, we asked Stephan Adler, MSA Safety io Operations Manager, about the importance of cybersecurity for FieldServer gateway and Cloud products. This is what he had to say.
When it comes to cybersecurity, what is MSA’s approach?
MSA takes cybersecurity very seriously. What we do in running the Cloud and keeping it secure starts with our Industrial Internet of Things (IIoT) cybersecurity pillars. Our information security management systems (ISMS) approach is holistic, extending all the way from who we hire to mandatory controls to our secure software development lifecycle. ISO/IEC 27001 promotes this comprehensive approach to information security, calling it “vetting people, policies, and technology.” And that’s exactly how we approach cybersecurity, too.
What is ISO/IEC 27001 certification—and why does it matter?
ISO/IEC 27001 is the best-known international standard for ISMS practices. Getting certified is a big deal because it means an organization has passed an independent audit by an accredited body. It also means the organization is committed to managing information securely and safely.
MSA Safety io® is certified to ISO/IEC 27001 for the operation of MSA Safety’s Cloud platform, the secure handling of data in day-to-day business, and our software development practices. I’m also happy to share that we’re actively working toward this certification for FieldServer.
What role do system integrators play in ensuring cybersecurity?
It’s essential to have a product solution that enables communication with the Cloud in a secure way. That means encrypting data in transit and at rest. But keep in mind that security is not just for the Cloud. It’s also from site to end destination. For example, our annual FieldServer penetration testing follows ISO/IEC 27001 certification standards to ensure that everything between the FieldServer and our Cloud solution is encrypted.
We take great care to have best practice processes in place along every layer of development of our secure products, including FieldServer. But let me be clear: Cybersecurity is a shared responsibility.
In addition to choosing secure IoT devices and gateway products like the FieldServer, system integrators should want to ensure that their organizations have dedicated security programs of their own.
What cybersecurity tips do you have for system integrators?
In general, I would recommend anyone implementing FieldServer gateways and routers follow basic security principles. This includes the principle of least needed access. For example, before enabling remote access, ask yourself such questions as:
- Do we truly need remote access?
- If the answer is yes, then who exactly needs this remote access?
- Where do they need it from?
- Do they need remote access on the whole thing, or is limited access to, say, a temperature reading enough?
- Is read-only access enough or do some stakeholders need write access instead?
Because we build security into our products, that means we give our customers—some of whom include very secure government sites—the tools they need to ensure robust cybersecurity measures. It’s up to them, however, to use these tools.
Q&A with Stephan Adler, Operations Manager, Safety io GmbH (a software subsidiary of MSA – The Safety Company)
- Read our Cybersecurity for Connected Automation white paper (https://us.msasafety.com/fieldserver-cybersecurity-for-connected-automation)
- Schedule a routine security checkup using this 7-point security checklist. (https://blog.sierramonitor.com/7-point-security-checklist-for-managing-plcs-through-vpn/)
- Reach out to us to learn more about the security of any of our gateway products or Cloud solution. (https://us.msasafety.com/fieldserver#contactUs)