Cybersecurity

Cybersecurity needs understanding and communication to work effectively

Communication and understanding between the information technology (IT) and operations technology (OT) department needs to improve as cyber attacks become more prevalent.
By Gregory Hale February 17, 2019
Courtesy: CFE Media

With security awareness continuing to skyrocket, one of the key factors moving forward is to eliminate the “Tower of Babel” that currently exists in the industry. The Tower of Babel is an origin myth meant to explain why people in the world speak different languages. This problem very much exists in cybersecurity with many people speaking different languages from a linguistics as well as a technology side.

“Cybersecurity is a learning computation and we have to stay ahead of the issue; the heart of the problem is the Tower of Babel,” said Nadav Zafrir, co-founder and chief executive of Israeli-based cybersecurity think tank, Team8, and president of Claroty. “There is very little visibility into what we are doing.”

Zafrir talked about five conditions that lead into the “perfect storm” for cyber threats:

  1. Cross-connectivity
  2. Convergence is inevitable
  3. No common language
  4. No visibility
  5. Active threat landscape.

The cross-connectivity space really started when connectivity started cranking in the year 2000 with mobile devices. By the year 2007, there was hyper-connectivity with added things like WiFi and social media. “Today, we’re at the age of cross-connectivity and that can lead to an amazing world.”

IT/OT convergence is coming

Convergence is inevitable. Initially, the two areas were not designed to work together. Legacy environments of information technology (IT) and operations technology (OT) lived in their siloed environments. After all, Zifrir said, OT is insecure by design, it has a lifetime of decades, and is designed to be closed and siloed.

There is also no common language between the two. IT and OT have similar end results, but their language and communication skills are very different. “We are creating a Tower of Babel,” Zafrir said.

In terms of visibility, Zafrir said there is none right now, but there also needs to be visibility from field devices all the way up to the enterprise.

There is also a very active threat landscape going on in the industrial space. For the longest time, bad guys did not venture in the manufacturing market, but they are coming in now with the potential to cause harm. “Threats are continuing to increase,” he said.

In 2017, NotPetya did $10 billion in damage. While that attack was not directed at the OT environment, it took down large industrial conglomerates around the world.

OT susceptible to IT Attacks

That also went to show OT is susceptible to IT vulnerabilities. NotPetya was an attack based on the EternalBlue exploit taken from the National Security Agency (NSA). The ransomware also targeted Microsoft Windows-based systems, infecting the master boot record to execute a payload that encrypts a hard drive’s file system table and prevents Windows from booting.

A more recent attack targeting an industrial enterprise occurred in August 2017, when the Triton malware ended up discovered on a Triconex safety system at a Saudi Arabian gas refinery and the SIS failed safe and took down the plant.

“Visibility is the minimum, you can’t defend what you can’t see,” Zafrir said. “Visibility into all the protocols and then baseline the system is key. Anomalies in the system will trigger an alert. That all makes for a safer environment. Understanding the system is vital because attacks are more sophisticated and take time. If you can see something at the early stages before it propagates, then we can do something about it.”

When it comes to security no one solution or one company can solve the issue.

“For a security program, it takes a village to protect systems,” Zafrir said. Between the supplier, the integrator and asset owners, everyone has to work as a team to achieve a secure environment.

“We really believe we can solve the issues,” Zafrir said. “We can make the world a little safer. With the increased connectivity, we are making defense harder.”

Security underlying factor in connected manufacturing

A connected manufacturing enterprise will garner great benefits for end users, but in that rush to greater connectivity, one of the underlying forces is it all has to stay secure.

“We are in a traditionally conservative industry, but we are seeing the need to be agile and more rapid,” said Blake Moret, chief executive and chairman of Rockwell Automation. “We embrace the need for speed. Using IT technology will help speed the pace of work.”

“When we do this, we can expand the possibilities and make enterprises more connected,” he said.

The drive for increased connectivity comes mainly from:

  • Growth of the middle class
  • Aging workforce
  • IT-OT convergence
  • Lower cost of computing and connectivity
  • Industrial upcycle remains strong
  • Equipment over 20 years old.

“At the end of the day, it always comes back to people,” Moret said. “We want to know what we are doing is important. When we combine the strengths of (technology and people), anything is possible. When we do this well, we can expand human possibility. We can make enterprises more connected.”

In June 2018, Rockwell and PTC inked a $1 billion strategic partnership to accelerate growth and enable the companies to be the partner of choice for customers around the world who want to transform their physical operations with digital technology.  Enterprises will spend $1 trillion on digital transformation and over $300 billion will go toward discrete and process manufacturing in 2018, said Jim Heppelmann, president and chief executive of PTC.

In a simplistic approach, Heppelmann said there will be three vectors that will transform the industry:

  • Products
  • Process
  • People.

The goal now is to improve the capabilities of designing products – computers that are more powerful – artificial intelligence (AI) can help fix design problems, he said.

When you get total connectivity of the enterprise, the user can get:

  • Monitoring
  • Control
  • Optimization
  • Autonomy.

On the process side, Heppelmann said there are no shortages of technologies.

“There is a lot of information in systems, but it is in a siloed environment,” he said. “In the IIoT model, everything connects from sensors through the enterprise. This also allows for an increase in analytics to make the process more efficient. Role-based experiences can create a flexible environment.”

It also provides a unified view across the enterprise with multiple vendors. We can make plants run much more efficiently.

From the people perspective, Heppelmann said by 2025, two million manufacturing jobs will go unfilled, according to research by Deloitte.

Heppelmann said augmented reality is an answer to the lack of workers. Retiring workers, he said, can also share their institutional knowledge where technology locks in their expertise. That would also result in an augmented reality environment where workers can see the archived data in real time which allows for greater productivity and a safer work environment.

This content originally appeared on ISSSource.com. ISSSource is a CFE Media content partner. Edited by Chris Vavra, production editor, CFE Media, cvavra@cfemedia.com.


Gregory Hale
Author Bio: Gregory Hale is the editor and founder of Industrial Safety and Security Source (ISSSource.com), a news and information website covering safety and security issues in the manufacturing automation sector.