Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

All Posts

Why is Change Management Important to Automation and Cybersecurity?

“Organizations do not change, people do.”

When your organization takes on an initiative to improve performance or address key issues, they often require change; change to processes, job roles, organizational structures, and technology. However, it is the employees of your organization who will ultimately have to change how they do their jobs.

If these individuals are unsuccessful in their personal transitions (i.e., if they don’t embrace and learn a new way of working), the initiative will fail. If employees embrace and adopt to the changes required by these initiatives, however, it will deliver the expected results.

Change is never comfortable and may times resisted as it brings about new challenges and often causes people to reach outside their comfort zones.

What is Change Management?

Change management can be defined as “the processes, tools, and techniques involved in managing the people approach to change, with the objective of achieving a successful business outcome.”

A central idea of change management is that no change happens in isolation. In one way or another, change impacts the whole organization and all the people in it. With good change management, you can encourage everyone to adapt and embrace a new way of working.

When organizational leaders or managers seek to initiate change, they are often optimistic about the process. They can see clearly how beneficial the proposed changes will be and assume others will see it just as clearly. They have confidence that their vision will transition easily to the entire organization, and often define too narrowly the range of people who will be affected.

Change and the Organizational Culture

Organizational culture is the unspoken, often unrecognized, system of beliefs and expectations that structures the way people in an organization view what is appropriate or possible behaviour. In much simpler terms, culture has often been described as “the way we do things around here.”

Organizational culture does not arise by accident. It is the accumulation of organizational experiences and beliefs about “what works.” While it creates a strong value system, this deeply-embedded system of values and beliefs frequently comes into conflict with the requirements of the organization to adapt for the future.

Organizational agility results from a careful attention placed on helping people regard change as a positive and valuable thing. A lack of attention in developing such agility means that even simple changes of procedure can meet resistance. More complex changes are likely to include elements that touch not only on beliefs about change itself, but conflicts on the way things should or should not be done, creating additional resistance.

Effective change managers identify the cultural sensitivities that a particular change brings about. They develop strategies for promoting change in both the specific cultural “artifact” that is creating resistance, and in the culture of the organization with regard to change more generally. An awareness of culture, the insight to recognize its contribution to change readiness and resistance, and the understanding of strategies leaders can use to shape culture are all part of the personal toolkit of effective change managers. The organization culture, and its ability to support or inhibit the change process, needs to be considered in any change process in order to be successful.

See also: The Change Management Body of Knowledge

The Four Principles of Change Management

Change management recognizes that change can be a painful process which has far-reaching implications on the organization and the people working for it.

Here are four key principles to keep in mind when implementing change management:

  • Understanding Change: For change to be effective, you need to understand all the “ins and outs” of the change. For example, what it is, how it will be achieved, and why it needs to happen.
  • Planning Change: This can include achieving high-level sponsorship of the change project, as well as identifying wider involvement and buy-in opportunities.
  • Implementing Change: When carrying out your plan, you need to ensure that everyone involved knows what they’re doing. This may encompass addressing training needs, appointing “change agents,” providing support, and/or setting specific success criteria.
  • Communicating Change: Everyone needs to know why the change is happening, feel positive about it, and understand how they can contribute.

How Does Change Management Relate to the Automation and Cybersecurity Profession?

Automation professionals are often involved in change projects and initiatives as part of their jobs. Technologies are evolving at a fast pace, and the pandemic has presented new challenges where companies have had to adapt faster than ever before.

Here are some examples of the application of change management within automation:

  • Within Projects: The implementation of new automation projects usually involves the implementation of state-of-the-art technologies, equipment, and new processes. For the project to succeed, it is key to consider the people involved in the project: The users, operators, maintenance team, and stakeholders. Listen, engage, communicate, train, and have feedback channels to create a continuous improvement culture.
  • Digital Transformation: Today, there is a big buzz around digital transformation initiatives. Many companies think about implementing new technologies, but don’t consider the people and processes involved. As a result, the transformation often fails to gain ground, or does not happen at all.
  • Industrial Cybersecurity: The risk of cyberattacks are growing in recent years, causing many companies to implement new firewalls and software tools as a result. However, if these initiatives don’t include the employees, they are not going to improve the cybersecurity of their plants. The implementation of new cyber policies and procedures requires a change in the behavior of employees, and many cybersecurity initiatives fail due to the lack of focus on the human aspect. Instead, focus on these employees by communicating and taking a holistic approach to cybersecurity.
  • Remote Work: The COVID-19 pandemic introduced an unanticipated need to move over to remote work. Organizations had to quickly adapt their systems and processes, and many employees are struggling to adapt to the new reality. Many may lack a proper place to work at home, have bad internet connections, have to look after their children, and so on. On the other hand, many employees don’t want to come back to the office. They’re enjoying the flexibility to work from home and be close to their families. As a result, companies are now considering new models of work, including hybrid models. Change management will play a key role in the success of these new models.
  • Standards and Regulations: When a new standard is introduced or a new revision is published, it causes changes in a company’s process and procedures to inform and train professionals to be complaint with these new regulations.

Read more: "The New Normal"

Carlos Mandolesi
Carlos Mandolesi
Carlos Mandolesi is an electrical engineer, graduated from the Federal University of Itajubá (UNIFEI) in 1992 and post-graduated in Business Management from the University São Francisco in 2006. He has a career of over 25 years in the field of industrial automation and industrial networks having worked in companies like General Electric (GE) and Sigmma Automation. Currently serves as Project Portfolio Manager at Trinity College Dublin in Ireland. Carlos is the President-elect for the 2021/2022 term of the International Society of Automation (ISA), a global non-profit entity, founded in 1945 with headquarters in Raleigh / NC in the USA, which develops global standards and certifications widely used in the industry, offers education and training, publishes books and technical articles, organizes conferences and exhibitions, and provides networking and professional development programs for its more than 38,000 members spread across 44 countries, organized in 135 local sections and its 400,000 customers worldwide. See Carlos on ISA Connect.

Related Posts

Study Preview: IIoT Component Certification Based on 62443

The ISA Global Security Alliance (ISAGCA) and the ISA Security Compliance Institute (ISCI) recently relea...
Carol Muehrcke Oct 14, 2021 5:30:00 AM

ISA's Cybersecurity Standards Implementation Virtual Conference (CSIC)

Are your industrial automation and control systems (IACS) protected against malicious cyberattacks? These...
Steven Aliano Oct 12, 2021 5:30:00 AM

Securing Energy Infrastructure from Cyber Threats

Introduction Energy infrastructure is quite a large sector on Earth. It has evolved from the past 200 yea...
Sourabh Suman Oct 5, 2021 5:30:00 AM