One of the biggest brakes on digital transformation within industrial organisations is usually a deep concern about security.
Our industrial customers – particularly those with globally distributed sets of plants – are embracing the operational excellence that digital transformation can drive in a heartbeat. They’d love to realise all its benefits, from making a forward leap in their process optimisation, enhancing their protection of Health, Safety and Environment (HSE), and better meeting their Environmental, Social and Governance (ESG) obligations, to increasing their supply chain efficiency. But the Operational Technology (OT) side of the organisation is often haunted by what could happen if OT gives up its ‘secure’ isolation and is connected to the wider IT world.
Are these fears justified?
Face up to the industrial security dilemma
It’s true that connecting OT and IT can bring significant security risks. We know that the majority of malware that gets into factories comes from the IT sphere, and that linking OT with IT expands OT’s potential attack surface. Plus, we know that OT systems, because they were designed to operate in isolation for safety, have vulnerabilities to cyber attacks that systems ‘born digital’ don’t have.
Yes, these concerns are all valid, and must never be ignored. But it’s a dilemma, because they shouldn’t be allowed to hold back digital transformation, either. Digitalisation will soon be an imperative for every sector, and industrial organisations that don’t unlock the huge advantages of going digital will eventually fall behind and become uncompetitive.
Instead, these organisations should take the leap as soon as possible, balancing out the increased vulnerabilities by building in security throughout digital manufacturing, following these steps.
Four steps to creating your industrial security blueprint
Securing any interactions between OT and IT is a nuanced challenge that has to follow and protect data from its generation through to analysis. It needs multi-layered defences for the assets that produce the data, for the data itself as it travels, and for the data as it’s processed – either locally or in the cloud.
1 Start with a reality check
In my experience, even the most air-gapped of OT systems has hidden security vulnerabilities, and a sensible place to start is by reviewing anything that can connect to the Industrial Automation and Control Systems (IACS) – even if there are no plans to merge it with IT. Many organisations don’t have the capability to instantly detect and identify connections to their OT LAN or wireless network, even though this is increasingly part of compulsory security audits. Can, for example, visiting partners connect their laptop to your wireless network in the IACS? Or can the OT department send printing to an enterprise printer, which means a connection to the enterprise network?
2 Divide and conquer
With all connections (or points where there’s potential for connection) identified, the next step is to classify assets, before applying segmentation and segregation. The key driver is to make sure that any attacker gaining entry to your OT network can’t move around freely. Micro-segmentation of the network becomes even more crucial to limit the impact of any future attack because industrial optimisation so often includes adopting Internet of Things (IoT) technologies supported by edge computing, both of which expand the attack surface. It may be that mission-critical areas need to remain segregated from the wider network, and that these measures need to be thoroughly tested.
3 Build in visibility
It’s crucial to have good visibility of device and network behaviours to detect anything abnormal. A proactive and unified security approach covering both IT and OT is the best way to ensure any vulnerability gaps are plugged. After applying segmentation with appropriate firewalls, add in detection platforms that scan for vulnerabilities, access and threats to create deep and wide visibility. And then, critically, integrate all these security inputs into a single Security Operations Centre for centrally controlled monitoring and maintenance.
4 Roll out global security standardisation
It’s not unusual for industrial organisations with plants around the world to have developed different policies and security infrastructure across different sites over time. However, this is inefficient and, potentially, a vulnerability magnifier since an effective defence in one plant might not be known to another. A standardised security policy and a unified threat response allow centralised control, streamlining the management burden and making sure best practice is followed across the global estate.
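As an illustration of steps 1 and 2 together, the sketch below checks observed network flows against a classified asset inventory and a list of approved zone-to-zone conduits. It is an added example, not code from this article or its author; every address, zone name, port and flow record is constructed, and the two findings mirror the partner-laptop and enterprise-printer questions raised in step 1.

```python
import ipaddress

# Constructed inventory from the classification step: IP -> zone (assumed names).
INVENTORY = {
    "10.10.1.5": "ot-control",      # PLC
    "10.10.1.20": "ot-control",     # HMI
    "10.10.2.8": "ot-dmz",          # historian
    "192.168.50.30": "enterprise",  # office printer
}
# Address space that belongs to OT; every device seen here must be inventoried.
OT_SUBNETS = [ipaddress.ip_network("10.10.0.0/16")]
# Approved conduits between zones: (source zone, destination zone, port).
CONDUITS = {
    ("ot-control", "ot-dmz", 443),
    ("ot-dmz", "enterprise", 443),
}
# Constructed flow records: (source IP, destination IP, destination port).
FLOWS = [
    ("10.10.1.20", "10.10.2.8", 443),       # HMI -> historian, approved
    ("10.10.1.20", "192.168.50.30", 9100),  # HMI -> enterprise printer
    ("10.10.3.77", "10.10.1.5", 502),       # uninventoried laptop -> PLC
    ("10.10.1.5", "10.10.1.20", 44818),     # traffic inside one zone
]

def in_ot(ip):
    """True if the address falls inside any OT subnet."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in OT_SUBNETS)

def review_flows(flows, inventory=INVENTORY, conduits=CONDUITS):
    """Return findings for unknown OT devices and unapproved zone crossings."""
    findings = []
    for src, dst, port in flows:
        if src not in inventory or dst not in inventory:
            # Step 1: an unidentified endpoint talking on the OT network.
            if in_ot(src) or in_ot(dst):
                findings.append(("unknown-device", src, dst, port))
            continue
        src_zone, dst_zone = inventory[src], inventory[dst]
        # Step 2: crossing a zone boundary requires an approved conduit.
        if src_zone != dst_zone and (src_zone, dst_zone, port) not in conduits:
            findings.append(("unapproved-conduit", src, dst, port))
    return findings

if __name__ == "__main__":
    for finding in review_flows(FLOWS):
        print(finding)
```

Findings like these are the kind of input that step 3 would route to the central Security Operations Centre.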
Say ‘yes’ to secure industrial optimisation
We’re ready to help you take the security brake off your industrial digital transformation and optimisation. Download our whitepaper to find out more.