The Cybersecurity and Infrastructure Security Agency (CISA) has announced a new collaboration with AVEVA, a leading industrial software company, to bolster the security of process optimization systems used in critical infrastructure sectors like energy, manufacturing, and water treatment.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a new partnership with AVEVA, a global leader in industrial software, aimed at strengthening the security posture of process optimization systems. These systems are the digital brains behind industrial operations, controlling everything from chemical production to power grid management. The collaboration focuses on integrating security-by-design principles into AVEVA's widely deployed Process Optimization software, a move that could have significant implications for the resilience of critical infrastructure worldwide.
Process optimization software sits at the heart of industrial control systems (ICS). It uses real-time data from sensors and actuators to adjust processes for maximum efficiency, yield, and safety. A breach in such a system could lead to catastrophic physical consequences, from environmental disasters to production halts. "The convergence of IT and OT (Operational Technology) has expanded the attack surface for industrial facilities," explains a CISA official in the announcement. "Our partnership with AVEVA is about embedding security directly into the tools that manage these critical processes, rather than bolting it on as an afterthought."
AVEVA's Process Optimization platform is used by thousands of facilities globally. It leverages advanced algorithms and machine learning to model and control complex industrial processes. The software typically integrates with existing SCADA (Supervisory Control and Data Acquisition) systems and programmable logic controllers (PLCs). Under the new initiative, AVEVA will work with CISA to develop and distribute security hardening guidelines, conduct vulnerability assessments specific to optimization algorithms, and create shared threat intelligence feeds tailored to the industrial sector.
For engineers and security professionals managing these systems, the practical takeaways are immediate. First, organizations using AVEVA's optimization tools should review their current configurations against the new CISA-AVEVA security guidelines, which are expected to be published on the CISA website and AVEVA's resource portal. Key areas of focus will include network segmentation for optimization workstations, robust authentication protocols for accessing the optimization models, and rigorous patch management for the underlying software stack.
Second, the partnership highlights the importance of monitoring for anomalous behavior within the optimization layer itself. Unlike traditional IT systems, where anomalies might indicate a malware infection, in an OT environment, a sudden change in an optimization setpoint could be a precursor to a physical safety incident. Security teams should work with process engineers to establish baselines for normal optimization behavior and deploy monitoring tools that can detect deviations. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) provides resources for this kind of anomaly detection.
Finally, this collaboration underscores a broader industry shift. As critical infrastructure becomes more digitized, the responsibility for security is no longer solely the domain of IT departments. Software vendors like AVEVA are taking an active role, and agencies like CISA are facilitating these partnerships to raise the baseline security across all sectors. For any organization relying on process optimization, the message is clear: security must be integrated into the operational fabric of the plant, from the sensor to the software. Engaging with these new resources is not just a best practice—it's a necessary step in protecting the essential services we all depend on.
Comments
Please log in or register to join the discussion