Last week Hubbell Control Solutions (“HCS”) kicked off Cybersecurity Awareness Month. This week we want to share our cybersecurity story with you.
A couple of years ago a customer of ours, a large university in the U.S., flagged a security issue they had with their new lighting controls system. Essentially the system resided on the backbone of the university’s network and the IT Department identified it was not compliant with their security policies.
This was a huge disappointment for the team at HCS and we came very close to losing the customer. The silver lining for us? This served as a “man in the mirror” moment and we used the experience to completely overhaul our approach to cybersecurity.
HCS launched a deep-dive investigation into the robustness of our connected products and their ability to handle external security threats. One of our first mistakes was the fact that we completely overlooked the opportunity to work with Hubbell Inc.’s cybersecurity task force.
The Hubbell Inc. cybersecurity task force had been established a few years ago with a vision to enable each business unit within Hubbell to meet their security goals and drive cybersecurity thinking in their business processes. Their mantra has been that if we all do it at our own levels, we will collectively come out “CyberSmart.” Comprising of members identified as experts in their field, the task force establishes cybersecurity best practices across the organization and also provides the right guidance, tools and frameworks to individual business teams when they need them in their respective cybersecurity-related initiatives.
In partnership with the task force, we went about the process of investigating how prepared each one of our products is for security attacks.
In the process, we recognized that the effort would benefit from external expertise. So, we partnered with the General Services Administration (“GSA”), a government organization that provides cybersecurity services such as system scans and risk assessments. GSA conducted a full-scale investigation to develop a report that assessed the weakness of our system’s security capabilities.
The report was alarming and it highlighted specific vulnerabilities in our system.
Based on the findings from the report and outcomes from our own investigation, we embarked on three critical steps to address our cybersecurity challenges while also driving a long-term sustainment plan:
- HCS secured a formal partnership with CSA Group, a leader in standards development, testing and certification. CSA helped us navigate through the challenges and provided us with a framework that we are implementing over the long term to drive security compliance of our products.
- We developed and launched an initiative called Security Development Lifecycle (“SDL”) that was designed to identify process improvement for cybersecurity. Steps have been taken to proactively integrate the recommendations for our own processes concerning product development, vendor selection and design architecture.
- We recognized we were not actively participating in the industry. So we rolled up our sleeves and began working closely with the Design Lights Consortium (“DLC”) to ensure we had a front-row seat to the inputs that shaped the NLC standard which focuses on cybersecurity.
This three-pronged approach is helping us become stronger in the area of cybersecurity and be an advocate for it. Our mission remains to enhance cybersecurity within our products so we can better serve our customer’s organizations.
Saying that the buck stops with me. I personally invite you to contact me directly to discuss ways in which we can partner to ensure we are appropriately promoting our cybersecurity capabilities and addressing the concerns of your customers.
Next week we’ll share our perspective on some common facts and misconceptions around the topic.
Gaurav Agarwal is the Product Manager for Networked Controls, Cybersecurity and Software for Hubbell Control Solutions. He can be reached at GAgarwal@hubbell.com.