Most executives still view cybersecurity primarily as a cost factor. Numerous security breaches and new regulatory requirements have hardly changed this view. In the meantime, IT security teams are confronted with this problem and those responsible for security from areas such as energy, supply, manufacturing, and the nutrition and food industry.
And just like in IT, those accountable for the budget in industrial cybersecurity cannot be convinced by horror scenarios such as the attack on the waterworks in Oldsmar, Florida, or on the Colonial Pipeline. Here, too, it is more expedient to emphasize the economic advantages over corporate management. The following applies: The more critical industrial networks are for the company, the more crucial effective industrial cybersecurity is for business success. Three points play an essential role in this.
In companies whose industrial networks are at the heart of their business, revenue is only generated when these systems are operational. Any risk that threatens safety, productivity, and reliability has significant financial implications if systems have to be shut down and restarted. Depending on the industry, manufacturing processes cannot simply be restarted after an unplanned stop but require lengthy and costly preparation. Attacks can also endanger production by causing undesired changes to a product, e.g., B. by manipulating machines to change recipes or contaminating the water supplies used in the production process.
The OT network has been a blind spot for IT security professionals for decades. In the digital transformation, it is becoming more critical and urgent to promote transparency, continuity, and resilience in the industrial world. Since most virtual environments of infrastructure do not have modern security controls, companies have the opportunity to develop a security program from the ground up – without having to worry about existing security technology. Security leaders can prioritize critical use cases and focus on getting a complete view of their OT environment. With detailed information on all OT, IoT, and IIoT components,
Accelerating Secure Digital Transformation
Connecting OT networks to IT systems has created tremendous business value and enabled operational efficiency, performance, and quality of service improvements. Many business models would hardly be feasible without this networking of IT and OT, for example, the delivery of components for the automotive industry just in time or just in sequence. However, this has also increased the risk. Attacks can – deliberately or as a kind of collateral damage – spread from one side to the other and, for example, paralyze production facilities in the event of a ransomware attack on IT – and vice versa.
Nowadays, security officers usually have an excellent insight into IT networks, and this transparency is often lacking, especially in OT. This enables precise identification, let alone reducing risks, highly complex and resource-intensive in industrial environments. For example, Colonial Pipeline switched off the OT side of the network as a precautionary measure since the pipeline operator did not have sufficient transparency of this infrastructure and was thus unable to assess the extent of the risk. However, deep insights into the OT infrastructure are possible: The OT network traffic provides all security information required for monitoring threats, such as the software version running on the devices, the firmware, or serial numbers. With this insight into the systems, inherent critical risk factors such as weak points, incorrect configurations, or even untrustworthy remote access mechanisms can be specifically addressed,
Smooth, Secure Remote Access
Industrial network administrators need to provide secure remote access to more employees than ever before. In addition, the manufacturers, who usually have contracts for the minor maintenance of machines, also have to support numerous new users due to the pandemic. The trend towards remote work will continue in the industrial sector, and the need for secure remote access will continue to increase. The Florida water treatment plant attack showed that attackers use unsecured connections to gain unauthorized access to critical infrastructure. However, remote OT access is not all about security. OT engineers need smooth, reliable access to
The networking of IT and OT and the “IT-fiction” of production increase the risk of a cyber attack if no suitable countermeasures are taken. Industrial cybersecurity protects against attacks on existing systems and enables secure digital transformation, and thus contributes significantly and sustainably to business success. The former brake block has long since become an enabler. It is high time that security officers made this clear to their managers.