Building a Resilient World:

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

All Posts

Why is Change Management Important to Automation and Cybersecurity?

“Organizations do not change, people do.”

When your organization takes on an initiative to improve performance or address key issues, they often require change; change to processes, job roles, organizational structures, and technology. However, it is the employees of your organization who will ultimately have to change how they do their jobs.

If these individuals are unsuccessful in their personal transitions (i.e., if they don’t embrace and learn a new way of working), the initiative will fail. If employees embrace and adopt to the changes required by these initiatives, however, it will deliver the expected results.

Change is never comfortable and may times resisted as it brings about new challenges and often causes people to reach outside their comfort zones.

What is Change Management?

Change management can be defined as “the processes, tools, and techniques involved in managing the people approach to change, with the objective of achieving a successful business outcome.”

A central idea of change management is that no change happens in isolation. In one way or another, change impacts the whole organization and all the people in it. With good change management, you can encourage everyone to adapt and embrace a new way of working.

When organizational leaders or managers seek to initiate change, they are often optimistic about the process. They can see clearly how beneficial the proposed changes will be and assume others will see it just as clearly. They have confidence that their vision will transition easily to the entire organization, and often define too narrowly the range of people who will be affected.

Change and the Organizational Culture

Organizational culture is the unspoken, often unrecognized, system of beliefs and expectations that structures the way people in an organization view what is appropriate or possible behaviour. In much simpler terms, culture has often been described as “the way we do things around here.”

Organizational culture does not arise by accident. It is the accumulation of organizational experiences and beliefs about “what works.” While it creates a strong value system, this deeply-embedded system of values and beliefs frequently comes into conflict with the requirements of the organization to adapt for the future.

Organizational agility results from a careful attention placed on helping people regard change as a positive and valuable thing. A lack of attention in developing such agility means that even simple changes of procedure can meet resistance. More complex changes are likely to include elements that touch not only on beliefs about change itself, but conflicts on the way things should or should not be done, creating additional resistance.

Effective change managers identify the cultural sensitivities that a particular change brings about. They develop strategies for promoting change in both the specific cultural “artifact” that is creating resistance, and in the culture of the organization with regard to change more generally. An awareness of culture, the insight to recognize its contribution to change readiness and resistance, and the understanding of strategies leaders can use to shape culture are all part of the personal toolkit of effective change managers. The organization culture, and its ability to support or inhibit the change process, needs to be considered in any change process in order to be successful.

See also: The Change Management Body of Knowledge

The Four Principles of Change Management

Change management recognizes that change can be a painful process which has far-reaching implications on the organization and the people working for it.

Here are four key principles to keep in mind when implementing change management:

  • Understanding Change: For change to be effective, you need to understand all the “ins and outs” of the change. For example, what it is, how it will be achieved, and why it needs to happen.
  • Planning Change: This can include achieving high-level sponsorship of the change project, as well as identifying wider involvement and buy-in opportunities.
  • Implementing Change: When carrying out your plan, you need to ensure that everyone involved knows what they’re doing. This may encompass addressing training needs, appointing “change agents,” providing support, and/or setting specific success criteria.
  • Communicating Change: Everyone needs to know why the change is happening, feel positive about it, and understand how they can contribute.

How Does Change Management Relate to the Automation and Cybersecurity Profession?

Automation professionals are often involved in change projects and initiatives as part of their jobs. Technologies are evolving at a fast pace, and the pandemic has presented new challenges where companies have had to adapt faster than ever before.

Here are some examples of the application of change management within automation:

  • Within Projects: The implementation of new automation projects usually involves the implementation of state-of-the-art technologies, equipment, and new processes. For the project to succeed, it is key to consider the people involved in the project: The users, operators, maintenance team, and stakeholders. Listen, engage, communicate, train, and have feedback channels to create a continuous improvement culture.
  • Digital Transformation: Today, there is a big buzz around digital transformation initiatives. Many companies think about implementing new technologies, but don’t consider the people and processes involved. As a result, the transformation often fails to gain ground, or does not happen at all.
  • Industrial Cybersecurity: The risk of cyberattacks are growing in recent years, causing many companies to implement new firewalls and software tools as a result. However, if these initiatives don’t include the employees, they are not going to improve the cybersecurity of their plants. The implementation of new cyber policies and procedures requires a change in the behavior of employees, and many cybersecurity initiatives fail due to the lack of focus on the human aspect. Instead, focus on these employees by communicating and taking a holistic approach to cybersecurity.
  • Remote Work: The COVID-19 pandemic introduced an unanticipated need to move over to remote work. Organizations had to quickly adapt their systems and processes, and many employees are struggling to adapt to the new reality. Many may lack a proper place to work at home, have bad internet connections, have to look after their children, and so on. On the other hand, many employees don’t want to come back to the office. They’re enjoying the flexibility to work from home and be close to their families. As a result, companies are now considering new models of work, including hybrid models. Change management will play a key role in the success of these new models.
  • Standards and Regulations: When a new standard is introduced or a new revision is published, it causes changes in a company’s process and procedures to inform and train professionals to be complaint with these new regulations.

Read more: "The New Normal"

Carlos Mandolesi
Carlos Mandolesi

Carlos Mandolesi is an electrical engineer, graduating from the Federal University of Itajubá (UNIFEI) in 1992 and post-graduated in Business Management from the University São Francisco in 2006. He has a career of over 25 years in the field of industrial automation and industrial networks, having worked in companies like General Electric (GE) and Sigma Automation. Carlos currently serves as Project Portfolio Manager at Trinity College Dublin in Ireland. Carlos is the President-elect for the 2021-2022 term of the International Society of Automation (ISA). See Carlos on ISA Connect.

Related Posts

Industrial Control Systems Certification

An increasing number of intentional attacks are being detected that target industrial control systems (IC...
Nikhil Kapoor Jun 7, 2024 7:00:00 AM

Most Cybersecurity Teams Are Unprepared for AI Cyberattacks

Cybersecurity teams aren’t the only ones using artificial intelligence to their advantage — cybercriminal...
Zac Amos May 31, 2024 4:02:28 PM

Protecting Vital OT Infrastructure: Key Strategies for OT Penetration Testing

Operational technology (OT) cybersecurity faces significant challenges in maturing its operations and pro...
Mohannad AlRasan May 24, 2024 4:44:16 PM