Finding common ground in IT/OT convergence

The interconnection of information technology (IT) and operational technology (OT) is a source of new opportunities and challenges. With increasingly automated and robotic supply chains, manufacturing and engineering companies are becoming more connected, but this exposure to external data flows inevitably leads to new risks.

12/07/2017


One of the biggest challenges facing the industrial sector is understanding the risk and impact cybersecurity attacks can have as the transition to Industrie 4.0 and the Industrial Internet of Things (IIoT) gains momentum. Companies are starting to realize there is a significant gulf between the priorities of operations technology (OT) and information technology (IT) teams and this has a major effect on cybersecurity initiatives.

For engineers on the OT side, the focus is on available services. Production must continue, because any interruption could result in a serious setback, and it must be safe, because engines, motors, and processors carry a physical risk to operators. IT, on the other hand, is not unduly worried about availability; its concern is a computer network security breach that could wipe out essential data and has the potential to let hackers gain access to control systems.

However, many manufacturers either believe their production processes are unconnected to the Internet, or they haven't considered that there is an Internet connection in the factory at all. In a recent incident, a control room that monitors petrochemical facilities went down and the computers showed an error resembling a ransomware attack. When an employee went to make a coffee, they realized the same error message was showing on an Internet-connected coffee machine.

Instead of being connected to an isolated Wi-Fi network, the machine had been connected to the internal control room network. Given the timing of this attack, the network was likely infected by WannaCry ransomware, which was also responsible for infecting millions of devices worldwide that were running Microsoft Windows XP.

The gap between the factory and the Internet has become virtually non-existent. With the growth of Internet of Things (IoT) connected devices, cybersecurity risks are escalating. For most engineering firms, however, the focus remains on designing sophisticated systems that are robust and safe, and this is having a detrimental effect on securing networks.

How high is the risk?

In many ways, the lack of real concern in the industrial sector to date is understandable. The technology used in manufacturing enterprises is rarely standard; it is highly complex and often unique. This means a malicious attack on industrial processes would have to be very specific in order to do harm.

The status quo is about to change. Reports about a new virus called Industroyer have indicated it has the power to seriously damage or compromise industrial control systems (ICSs). This virus can speak four industrial communication protocols, is highly customizable, and can be used in targeted attacks. Its use goes beyond extorting money from individuals, and it is more likely to be used for nation-state attacks that disrupt vital infrastructure.

Ukraine has been on the receiving end of attacks of this nature with two widespread blackouts occurring in the winters of 2015 and 2016. Both attacks left 700,000 homes without power or water in Western Ukraine. The 2015 incident is believed to be the first example of a hacking attack deliberately targeted at a power grid and was attributed to state-sponsored hackers in Russia.

Industrial operational systems, while robust, are not safe from attack, and they aren't compatible with today's interconnected environment. Now, as OT and IT systems converge, there is an urgent need to find a balance between ensuring availability and securing these systems against cyber attacks.

Changing mindsets

Change has to happen between departments and people before any change can be made to technology. Engineers speak a different language than IT managers. They need to agree upon a common approach and strategy.

This becomes more important every day. The influence of Industrie 4.0 on automation is bringing about major changes and greater adoption of cloud and cognitive computing. This creates a need for massive computing resources to support the flow of data to and from the cloud via IoT-connected devices. Factories are communicating in real time across networks, and those networks need to be secure as factories adopt Industrie 4.0.

Standard firewalls and security software are not enough. Next-generation firewall hardware needs to be built to adapt to industry prerequisites such as DIN-rail mounts.

These solutions would be "hardened" and ruggedized according to key criteria, including temperature, dust, and humidity. In order to provide the same level of security, the firmware needs to include specific industrial protocols while being sensitive to the need for safety.

Ordinarily, if a firewall crashes in an IT setting, the network stops functioning. In an industrial setting, however, safety modes allow packets to keep passing through regardless of whether the firewall has power, because for OT systems, availability and safety are the main priorities. The factory then has to be stopped in a safe position.

OT and IT need to work together to combat the risks regardless of what they are. The threat to the new generation of manufacturing enterprises does not have to impact companies if appropriate consideration is given to safety, availability, and security.

Robert Wakim is industrial offer manager at Stormshield. This originally appeared in a November 6 article on the Control Engineering Europe website. Edited by Chris Vavra, production editor, Control Engineering, CFE Media, cvavra@cfemedia.com.

MORE ANSWERS

www.controleng.com keywords: cybersecurity, Industrie 4.0 

  • Increased connectivity, thanks to Industrie 4.0 and the Industrial Internet of Things (IIoT), increases the risk of a potential cybersecurity attack against manufacturers.
  • As operations technology (OT) and information technology (IT) systems converge, a balance needs to be achieved between ensuring available services and securing those systems against cyber attacks.
  • OT and IT need to work together to combat cybersecurity risks. 

Consider this

What else can be done to better protect OT and IT systems as they become more connected?


