Industrial organizations are operating in ways they scarcely could have imagined a few decades ago. They are converging historically separate information technology (IT) and operations technology (OT) systems, and using mobile, analytics and cloud to increase connectivity and information sharing. This is significantly improving operations but also creating more potential entrance points for security threats. 

To address this, Rockwell Automation has developed a three-step approach for building an industrial security program that extends from the enterprise to the plant level, and helps mitigate risk across people, processes and technology. The three steps include:

  • Security assessment: Conduct a facilitywide assessment to understand risk areas and potential threats
  • Defense-in-depth security: Deploy a multilayered security approach that establishes multiple tiers of defense
  • Trusted vendors: Verify that your automation vendors follow core security principles when designing their products

“We think of industrial security as a layered model and seek to create a unified infrastructure for customers,” said Lee Lane, chief product security officer, Rockwell Automation. “Our approach takes into account the connections between network security, as well as the physical security and safety in industrial areas.”


For industrial organizations, security threats will continue to evolve. To keep pace, a holistic security program should evolve with and stay ahead of the changing threat landscape. Following the three-step approach will help organizations establish a program that can help protect intellectual property, facilities, assets, employees and competitive advantages into the future. 

An e-book outlining the three-step approach is available on the Rockwell Automation online newsroom.