What are the challenges of Industrial Cyber Security?

Reading time: 4 minutes - Difficulty: medium

Unlike IT, the issues associated with OT (Operational Technology) can have serious repercussions on the various aspects of production. It is now important to contain the risks with practical measures, for example by applying the IEC 62443 compliance standard.

Main differences between IT and OT

First of all, we need to make the distinction between the context of Information Security, IT, and that of Industrial Cyber Security, OT, or rather the security of industrial control systems.

IT falls within the context of ISO 27001; it is about confidentiality, integrity and availability of data. Damage to IT, for example in terms of availability, can bring a company to its knees because it typically stops its processes.

In simple terms, if the customer’s billing information, for example, is not available due to an IT issue, the immediate effect is that it is not possible to issue that invoice, at least until the problem is corrected.

 

Download Infographics

Do you want to contribute to our page?

Follow us on Linkedin or Subscribe to our newsletter

 

In the context of OT, the impact is much more serious, leading to shutdown or malfunction of a system.

Until quite recently, OT was offline, the hardware tended to be proprietary and the technology ran on systems that are now outdated.

The digital evolution of OT technologies has led to the paradigm of Smart Manufacturing and Industry 4.0. These technologies are basically used to keep production connected with ERP systems, and a constant flow of data makes it possible to carry out predictive maintenance, among other things; but at the same time, the OT devices used are exposed to new risks relating to cyber security.

The real problem is that there is still insufficient awareness of cyber threats in the field of digitization of OT.

 

Recommended in-depth study:

 

The culture of OT is very behind, therefore, compared to that of IT where there has always been awareness of these threats. The result is that there are state-of-the-art technologies but they are not properly configured and therefore vulnerable to possible cyber attacks. A typical case is the use of “admin” credentials.

Also, there are outdated OT devices, with obsolete systems ranging from Windows 95 to Windows 10, that have no protection whatsoever. It has become more necessary than ever to create an infrastructure that is appropriately segmented and resilient to cyber attacks.

 

Recommended in-depth study:

 

Cyber Security risks for OT

The main cyber security risks in the field of OT are:

  • Danger to the safety of employees or public health. Why public health? Simply think of a pharmaceutical company which, if attacked, may suffer alterations to the active ingredients of its products. It follows that the placing on the market of ‘wrong’ medicines can have a less than positive impact on public health.
  • Damage to the environment, as in the previous point, but related, for example, to the release of controlled substances into air or water
  • Damage to image and loss of confidence due to bad publicity as a result of not being ready to resolve a cyber security issue
  • Business continuity, that is, the direct consequence of downtime caused by a cyber attack
  • Theft of sensitive information related to product quality or intellectual property

 

Recommended in-depth study:

 

The paradigm of Industrial Cyber Security

With the challenges facing today’s Industrial Cyber Security, we are obliged to consider security to ensure overall safety of products. Cyber Security for OT focuses on:

  • Defense of production, therefore intended as a guarantee for business continuity, offering protection both from external attacks and from internal and unconscious oversights (for example, USB sticks containing malware). It is necessary to implement well-defined corporate security policies and personnel training programs, among other things. Threats are constantly evolving, so it is also necessary to apply security processes on an ongoing basis, to prevent the attacks of today as much as those of tomorrow.
  • Valuation of investments, where the “insurance” investment of prevention represents a minimum cost when compared with the potential cost to repair a cyber attack (disaster recovery), for example in the case of ransoms (typically in Bitcoin and often equivalent to millions of euros), but also the cost to make up for downtime or to repair hacked facilities.
  • Compliance with Legislative Standards, specifically IEC 62443. This international standard, now voluntary, helps with the implementation of a management system and countermeasures for the design of OT systems that cannot be compromised by malicious intrusions.

 

For further information:

 

Do you need immediate assistance in regard to Industrial Cyber Security?

 

Contact us

 

Go back to the blog
Send this to a friend