Critical Infrastructure Security , Endpoint Security , Governance & Risk Management
The Importance of Securing Operational Technology
Shankar Karthikason on How to Stem the Growing Cyberthreat to ManufacturingHuge Industry, Lucrative Target
The exponential growth of the internet has caused factories around the world to move toward digitalizing their operations. Manufacturing is a huge industry with massive amounts of critical data and IoT surfaces. Connected networks can monitor, collect and analyze data to make the business smarter, and IoT devices allow the industry to automate its operations and provide cost-effective, faster time to market and mass customization with increased safety.
See Also: Cybersecurity Awareness Engagement Toolkit: Elevate Your Security Culture
But manufacturing is also a lucrative target for cybercriminals. Stolen data provides direct value to hackers who may conduct ransomware attacks that disrupt production and have significant impact, including even the loss of life.
IT Brief Australia said in March: "A new report by Future Market Insights on the Internet of Things manufacturing market says the market share is likely to reach approx. US$399 billion by 2026."
As a result of this kind of growth, security personnel are increasingly paying attention to operational technology systems. In addition to information theft, they must worry about real-world hazards and implement the right OT security and control framework to address these risks.
OT environments, which traditionally were separated, are no longer completely airlocked. Instead, they now they have direct connections for businesses and other parties.
Growth Brings Risk
Forescout said in a blog post in March, "According to Gartner, by 2025, 75% of OT security solutions will be delivered via multifunction platforms." And cyber risk will continue to grow as more and more smart factory initiatives increase globally.
But manufacturing organizations don't have to let security threats compromise the significant potential of smart manufacturing. They should consider a holistic cybersecurity program and make investing in one a top priority.
My organization has experienced an increase in the number of automation systems and tools and … the number of espionage and cyberattacks on industrial enterprises has grown.
Many manufacturers embraced digitalization, and there has been a major shift in manufacturing toward data protection and digital factories. This transformation helps organizations increase productivity and reduce resources, but it also increases organizations' cyber risk.
Many companies have observed an increase in cyber-related incidents pertaining to control systems used to manage industrial operations. My organization has experienced an increase in the number of automation systems and tools and the amount of communication in the OT landscape. This increases the attack surface, and the number of espionage and cyberattacks on industrial enterprises has grown as cybercriminals search for new targets in the OT environment to make it more profitable.
Again, these interconnected advantages provide faster identification and remediation of quality defects and better collaboration across many other operational areas, but they have also increased the potential threat to the digital factory.
A Holistic Cybersecurity Program
Industry 4.0 generates values from all aspects of connected assets, and if businesses want to benefit from this revolution, they should be prepared to overcome specific challenges, such as security.
The OT environment must undergo a thorough, end-to-end security transformation program … to reach for a mature state of security.
Guarding against ransomware, supply chain infection, phishing, IoT compromises and intellectual property theft is part of comprehensive digital security. Therefore, organizations should look into holistic cybersecurity programs that extend across the enterprise and focus on identifying, protecting, detecting, responding and recovering from cyberattacks.
The OT environment must undergo a thorough, end-to-end security transformation program. The intention is to reach for a mature state of security that aligns with the business's objectives and goals.
To build an effective program, you should conduct a maturity assessment and initiate formal cybersecurity governance that considers OT and prioritize actions based on risk profiles.
Basic Hygiene Steps
Cybersecurity risks personnel can ensure appropriate internal OT standards in all facilities in their organizations. Following these steps can help you achieve basic cybersecurity hygiene:
- Define the roles and responsibilities of OT security personnel and document them.
- Ensure you obtain an up-to-date asset inventory from each of your facilities.
- Ensure that appropriate training and awareness programs take place.
- Define and plan a proper network segregation.
- Implement a safe configuration process and define a formal patching process.
- Implement a real-time security monitoring and detection solution.
These steps can be mapped against the National Institute of Standards and Technology's SP 800-82, Rev. 2, the Center for Internet Security's Critical Security Controls and the NIST Cybersecurity Framework.
CyberEdBoard is ISMG's premier members-only community of senior-most executives and thought leaders in the fields of security, risk, privacy and IT. CyberEdBoard provides executives with a powerful, peer-driven collaborative ecosystem, private meetings and a library of resources to address complex challenges shared by thousands of CISOs and senior security leaders located in 65 different countries worldwide.
Join the Community - CyberEdBoard.io.
Shankar Karthikason is the head of cyber security strategy, operations and advisory at Averis. He has over 12 years of experience in conceiving and implementing key business strategies toward enhancing the trajectory of the overall operations as well as business growth.