Drives and Controls Magazine
Three things to remember about VSD cybersecurity
Published:  01 April, 2023

Drives, like computers, can be vulnerable to cyber-attack if appropriate protections are not put in place. Michael Roebuck, ABB’s digital lead for motion, provides some practical tips on how to improve VSD cybersecurity.

There is no single way to manage the cybersecurity risk in industrial control systems, nor is there a single completely secure means of protecting oneself from the outside world. Cybersecurity for every asset must be considered on its own merits, weighing up security with practicality to ensure that all reasonable protections are put in place, without making the system impossible to use.

Drives are uniquely positioned at the nexus between safety and security. A compromised drive can easily lead to a material risk to plant and personnel. Drive cybersecurity must be taken extremely seriously as part of a defence-in-depth strategy, that provides multiple layers of security countermeasures addressing people, technology and operations to counter potential threat vectors, and to provide redundancy in the event that a vulnerability is exploited. Here are some practical tips for implementing such a strategy within the context of VSDs.

The drive is often not the main target  While there are high-profile examples of specific devices and products being targeted by malicious code, more often than not the drive is not the target of a cyber-attack. Indeed, it may well be that the hacker’s intention is not to control the drive itself, but to use it as a backdoor into the network. To that end, even non-critical applications should be considered carefully, and IT specialists should be consulted when installing any new third-party devices to ensure that both the drive and any wider networks are protected appropriately.

Understand the risks  The damage that a cyber-attack can inflict can rapidly multiply far beyond the initial consequences of the attack itself. For instance, a ransomware demand may be a difficult hit to take on a one-off basis, but if it leaves the business unable to pay wages then the viability of the whole organisation could be under threat. The importance of robust cybersecurity protection cannot be overstated, because the stakes are extremely high. 

Update your protection  It may seem obvious, but it cannot be over-emphasised. The reality is that protocols and best practices are not always followed, and systems or protections can be neglected over time. Just because a device has been working without incident for years, or because it is considered to be safe and secure, does not mean that it always will be. New exploits are being discovered all of the time, even for systems that were thought to be relatively secure. Make sure that your drive firmware is up-to-date, and never use a third party for firmware updates, because these should only come directly from the manufacturer.


If you have any concerns about the cybersecurity of your devices, always consult the manufacturer.