It is no news to anyone that the world is changing at breakneck speed and with each significant technological development, the pace gets faster and the curve steeper. This is the exponential age and it is driven by industry 4.0 (i4.0).
"The robots are coming" we hear them cry from their balconies.
Well yes they are, but it's not an overnight coup. We are now checking the foundations for this incredible transitional phase in our collective human development that will be fast paced, but incremental. But what about how it changes safety?
This is a vast topic and one solitary blog post isn't going to do it justice, however if we focus on safety as an example, it is not difficult to see how workplace safety and cyber security are going to become increasingly intertwined.
Taking the Australian model WHS legislation, there are prescribed duties of those people that import, design, manufacture plant or have material control over a workplace where it is operated. Well that's all well and good and it makes good sense to ensure control over these processes in a traditional sense. But what if we tiptoe 5-10 years into the future and take a peek?
Automation and autonomous robots are gaining a foothold in the workplace and the numbers are showing no signs of slowing according to the International Federation of Robotics. If they are programmed locally and rely on human interface to perform their tasks, then controlling the associated risks is more easily achieved. But if in fact they are designed to learn, self-improve and are connected to the net, then the waters become murkier. The designer can account for some safeguards but how does a PCBU safeguard against a hostile cyber attack that can potentially change the actions of their automated working machines? Especially if these machines work in proximity to their human workers?
Real cases of robot-worker interaction have been experienced in car manufacturing, as well as other industries already. https://www.news.com.au/technology/factory-worker-killed-by-rogue-robot-says-widowed-husband-in-lawsuit/news-story/13242f7372f9c4614bcc2b90162bd749
However, given that the legislative regime is now working to catch up with this ever presenting issue, let's focus on what a PCBU can realistically do to pre-empt and manage an event involving a 'connected' machine/robot.
The two most widely accepted frameworks for information (and cyber) security are NIST and ISO 27001. Both approaches have common goals with slightly different approaches.
ISO 27001 - Information Security Management, shares the same higher level structure as ISO 45001 - OHS Management Systems. In essence this means that they share common 'core' mechanisms of business management with specific requirements for safety and cyber security woven throughout. Those workplaces with connected robots/machinery that have an integrated safety/cyber system in place will look at the abovementioned risks as a collective and will have a greater stance of defence against any unwanted cyber attack events, and therefore reducing the operational risk profile. This is exactly the kind of organisational risk management that wins business with larger client organisations in tomorrow's market.
In reality, implementing safety and cyber together can be a relatively simple process, focused on the specific risks and wider context of the organisation. One thing is for certain, the world is not looking back and so a firm legislative review alongside a dynamic industry approach will be required to ensure successful transition for companies embracing these new technologies.
i40 is a professional services consultancy that provides ISO System, Risk Management and People advice to business across Australia and internationally. To discuss implementaiton of a safety, information security, quality or environmental system tailored to your business, call us on 1300 155 605 or email firstname.lastname@example.org for a no obligation consultation.