Cybersecurity threats are nothing new for most organizations. And, unfortunately, far too many threats ultimately result in breaches with the ability to put companies in the headlines for all the wrong reasons. According to a recent research report by Risk Based Security, the number of reported breaches increased by 33% over 2018 numbers, with a total of 7.9 billion exposed records—making 2019 one of the worst years in history.
However, headline-worthy breaches have historically—and almost exclusively—shined a spotlight on IT issues. That’s not the case anymore. With the rise of the Internet of Things (IoT), the operational technology and information technology environments are converging and the threat landscape has grown significantly.
Simply put, digitalization is introducing a dramatic increase in risk of production disruption. OT networks no longer benefit from a limited attack surface. IoT devices and cloud computing capabilities are now playing a key role in manufacturing processes, and it’s a game changer, explains Siemens USA Chief Cybersecurity Officer Kurt John.
“This can be reflected in some of the latest malware, which is able to seamlessly move from IT environments to OT networks and back,” says John. “This confluence of technologies has resulted in more exposure, and manufacturers should start thinking about IT and OT as one instead of two distinct environments. Developing a holistic technology and security roadmap is the first step to combating the threats that face them.”
Convergence prompting rapid evolution
Fortunately, manufacturers are starting to realize there is a significant gap between the priorities of OT and IT teams, which has a major effect on cybersecurity initiatives, explains Alan Mindlin, technical manager at Morey.
“Manufacturers on the OT side are mainly focused on available services. Production must continue because any interruption could result in increased downtown or even ceased operations—dramatically impacting a company’s bottom line,” he says. “IT, on the other hand, may not necessarily be as worried about product availability, but instead focused on securing computer network security to avoid potential breaches that could wipe out critical data.”
Unfortunately, the amount of production processes connected to the internet is rarely transparent to manufacturing leaders. And as such, one data breach can cause significant manufacturing defects, explains Mindlin.
“Breached IoT devices have the potential to introduce defects into manufactured products without the manager’s knowledge,” he says. “This can result in products that do not function correctly, losing customers’ trust. With the growth of IoT connected devices, cybersecurity risks are escalating. Manufacturers and IT teams should focus on designing sophisticated systems that are robust and safe and secure.”
In many instances, today’s OT environments resemble IT spaces from years past. “IT has, over the years, developed a robust process for identifying and eliminating vulnerabilities from the landscape. In some parts of IT, this is even fully automated,” says Siemens' John. “Contrast that with OT, which has a much longer lifecycle and does not have the same technological advancements in identifying and eliminating vulnerabilities and we have a perfect storm for bad threat actors to take advantage of these unprotected systems.”
John sees two fundamental challenges in OT—protecting existing older (yet still mission critical technologies) and integrating cybersecurity into the digitalization journey as manufacturers add new pieces.
“Addressing these topics will move OT protection closer to IT, where one day, because cybersecurity is so fundamental, manufacturers can deploy new technologies without having to be concerned about arbitrarily creating risks,” says John.
Interested in learning about the keys to success? The second half of this IndustryWeek print feature dives into the keys to securing this new reality.