Cybersecurity reduces physical, software and network-based risks to manufacturing; manufacturing operations rely heavily on automation, control systems and other technologies that are vulnerable to cyber threats. Cyber threats can disrupt operations, cause equipment damage and result in financial losses, so it is important for manufacturers to take steps to reduce risks. Cybersecurity risk reduction may include smarter designs, firewalls, implementing access controls, encryption to protect data and communication, training, and physical deterents.
The importance of focusing on cybersecurity for SI projects
Industrial control system (ICS) cybersecurity is increasingly important. From the start, involve the right people from operational technology (OT) and information technology (IT) to collaborate on OT cybersecurity needs.
Cybersecurity has become more than a buzzword for manufacturers in recent years as more devices connect to the internet. This increased connectivity makes more devices vulnerable because they aren’t protected the same way a computer is. This means companies must be more vigilant and prepared for potential attacks. System integrators (SIs) can help manufacturers and other companies prepare with a thorough audit and plan during the project.
CFE Media: Has cybersecurity increased in priority in system integration (SI) projects?
We are seeing a larger IT influence on projects regarding cybersecurity, so things like control system access, role-based security, and industrial control system (ICS) asset identification are becoming more prevalent in operational technology (OT)-centric projects.
CFE Media: What are some of the biggest cybersecurity obstacles in SI projects?
Unfortunately, we still run into many industrial control systems with limited or no restrictive security access and authorization. At the same time, cyber- and data-security departments are trying to pursue zero-trust security frameworks. This issue is compounded by the information technology (IT) team’s unfamiliarity of the OT side of the house, so the overarching issue is alignment between these groups.
CFE Media: How do you help turn that challenge into a strength?
We have had high success with IT/OT convergence by involving the right people from the customer and within our organization from the start. If a security conversation is not already happening, we broker a meeting with the customer’s IT and cybersecurity groups and gain credibility by having our industrial network and security engineers present, to speak their language. Building trust with the enterprise IT and security departments is paramount to helping the customer achieve cybersecurity goals.
CFE Media: Has the COVID-19 pandemic changed the approach to cybersecurity?
Secure remote access to industrial control systems received a lot of attention from IT and security departments during the pandemic. This has been for the better because IT personnel have gotten to see some security struggles OT has had for years. IT can only help if they understand the unique requirements of ICS equipment and applications.
CFE Media: What has Malisko learned from the increased focus on cybersecurity?
Accurate asset inventory and a means to monitor network traffic in ICS environments are starting to become a requirement of many IT departments, and these directives are, many times, from the chief information security officer (CISO) or CEO. Increased media visibility on cyber-attacks in manufacturing has many stakeholders realizing they are, in many cases, years behind where they need to be with ICS security.
CFE Media: What other advice would you give about cybersecurity in system integration?
Be a champion for IT/OT convergence and help spread the message to the OT side of the house that IT folks can help. Embrace building relationships with the IT and security personas on the enterprise side to build trust. They will help you achieve best-in-class cybersecurity practices in the ICS environment, if you let them.
What is OT in cyber security?
OT, or operational technology, refers to the hardware and software used to control and monitor industrial processes, such as manufacturing, power generation and logistics or transportation. OT systems are typically found in industries such as manufacturing, energy and utilities, and include things like programmable logic controllers (PLCs), supervisory control and data acquisition (SCADA) systems, and industrial control systems (ICS).
Cybersecurity in the context of OT refers to the protection of these systems from cyber attacks. These systems are typically designed to perform specific functions and are not connected to the internet, they are often considered to be "air-gapped" systems, which makes them less vulnerable to traditional forms of cyber attacks. However, as these systems become more connected to the internet, they are becoming increasingly vulnerable to cyber threats, such as malware and ransomware attacks. Devices and system introduced to air-gapped systems also add risk.
What is vulnerability management in OT cybersecurity?
Vulnerability management in OT cybersecurity is similar to the process in IT cybersecurity, but with a focus on identifying and mitigating vulnerabilities in operational technology systems such as programmable logic controllers (PLCs), supervisory control and data acquisition (SCADA) systems and industrial control systems (ICS).
What is IT/OT convergence?
IT/OT convergence refers to the integration of information technology (IT) systems and operational technology (OT) systems.
IT systems are typically used to manage an organization's data, communications and business processes, while OT systems are used to control and monitor industrial processes such as manufacturing, power generation and logistics or transportation.
The convergence of IT and OT systems allows for better coordination and communication between different parts of an organization, as well as improved monitoring and control of industrial processes. This can lead to increased efficiency, better decision-making and improved overall performance.
However, IT/OT convergence also brings new security challenges, as IT systems are more connected to the internet and therefore vulnerable to cyber attacks, while OT systems were not originally designed to be connected to the internet and have different security requirements. Therefore, security measures must be put in place to ensure the safety and integrity of the systems and data.
Why is cybersecurity important for manufacturing?
Cybersecurity is important for manufacturing because it helps protect the integrity and availability of industrial control systems (ICS) and operational technology (OT) that are used to control and monitor manufacturing processes.
Manufacturing industries rely heavily on ICS and OT systems, such as programmable logic controllers (PLCs) and supervisory control and data acquisition (SCADA) systems, to automate and control production lines and other critical infrastructure. These systems are responsible for controlling and monitoring everything from factory floor equipment to the supply chain and logistics. If these systems are compromised, it can lead to loss of production, damage to equipment and even safety hazards for employees and the environment or people outside the plant or facility.
Cyber-attacks on manufacturing industries can also lead to intellectual property theft, financial loss and damage to the organization's reputation. Therefore, it is crucial for manufacturing organizations to have robust cybersecurity measures in place to protect against cyber-attacks and ensure the safe and reliable operation of their industrial systems and processes.
Some FAQ content was compiled with the assistance of ChatGPT. Due to the limitations of AI tools, all content was edited and reviewed by our content team.