The importance of focusing on cybersecurity for SI projects

Industrial control system (ICS) cybersecurity is increasingly important. From the start, involve the right people from operational technology (OT) and information technology (IT) to collaborate on OT cybersecurity needs.

By Dan Malyszko December 13, 2022
Image courtesy: Brett Sayles

Cybersecurity has become more than a buzzword for manufacturers in recent years as more devices connect to the internet. This increased connectivity makes more devices vulnerable because they aren’t protected the same way a computer is. This means companies must be more vigilant and prepared for potential attacks. System integrators (SIs) can help manufacturers and other companies prepare with a thorough audit and plan during the project.

CFE Media: Has cybersecurity increased in priority in system integration (SI) projects?

We are seeing a larger IT influence on projects regarding cybersecurity, so things like control system access, role-based security, and industrial control system (ICS) asset identification are becoming more prevalent in operational technology (OT)-centric projects.

CFE Media: What are some of the biggest cybersecurity obstacles in SI projects?

Unfortunately, we still run into many industrial control systems with limited or no restrictive security access and authorization. At the same time, cyber- and data-security departments are trying to pursue zero-trust security frameworks. This issue is compounded by the information technology (IT) team’s unfamiliarity of the OT side of the house, so the overarching issue is alignment between these groups.

CFE Media: How do you help turn that challenge into a strength?

We have had high success with IT/OT convergence by involving the right people from the customer and within our organization from the start. If a security conversation is not already happening, we broker a meeting with the customer’s IT and cybersecurity groups and gain credibility by having our industrial network and security engineers present, to speak their language. Building trust with the enterprise IT and security departments is paramount to helping the customer achieve cybersecurity goals.

CFE Media: Has the COVID-19 pandemic changed the approach to cybersecurity?

Secure remote access to industrial control systems received a lot of attention from IT and security departments during the pandemic. This has been for the better because IT personnel have gotten to see some security struggles OT has had for years. IT can only help if they understand the unique requirements of ICS equipment and applications.

CFE Media: What has Malisko learned from the increased focus on cybersecurity?

Accurate asset inventory and a means to monitor network traffic in ICS environments are starting to become a requirement of many IT departments, and these directives are, many times, from the chief information security officer (CISO) or CEO. Increased media visibility on cyber-attacks in manufacturing has many stakeholders realizing they are, in many cases, years behind where they need to be with ICS security. 

CFE Media: What other advice would you give about cybersecurity in system integration?

Be a champion for IT/OT convergence and help spread the message to the OT side of the house that IT folks can help. Embrace building relationships with the IT and security personas on the enterprise side to build trust. They will help you achieve best-in-class cybersecurity practices in the ICS environment, if you let them.


Author Bio: Director of operations, Malisko Engineering Inc.