IT Challenges

Part
01
of two
Part
01

IT Challenges When Integrating OT

IT professionals face a number of challenges when it comes to the security of Operational Technology. Some of them have been outlined below.

1. Varying Origins of Components

  • Operational Technology (OT) is characterized by "the hardware and software dedicated to monitoring and controlling physical devices such as valves, pumps, etc."
  • Many times, these components are procured from varying vendors and most of these components are prioritized based on their cost as opposed to their security features.
  • The overarching system, made up of smaller components from varying sources, amplifies the level of cyberthreat and poses an increased risk to the IT professionals handling these systems.

2. IT vs. Production

  • Since the sensors and controlling devices used in OT are being used in manufacturing setups, the responsibility of these systems is usually assigned to the industrial and/or resources department and IT personnel rarely have a say in this matter.
  • This is a serious matter since IT departments should also be taken in the loop when it comes to OT because these devices are operated through the internet and are thereby prone to cyberattacks.

3. One-Size-Fits-All Approach

  • OT is unique and implementing a traditional cybersecurity approach may not work.
  • An example is patching. IT professionals may introduce patches for a given situation, which when run on an infected system eliminate the given cyberthreat.
  • With OT, the implementation of patches is not that easy and the assessment of their success, once they have been implemented, may also be tricky.

4. IT and OT Isolation

  • When it comes to industries where OT systems are being used, IT systems are usually set up in isolation from the OT systems, which means that the OT systems have nothing to do with IT. This reduces the maneuverability of IT professionals.
  • Such was the case with a large oil and gas corporation, which came under scrutiny when the company faced frequent cyberattacks. The company then worked towards resolving this issue by creating "an integrated cybersecurity organization under a chief security officer aligned with the risk function".

5. Remote Access

  • OT environments allow remote access to third-party vendors, which increases the domain for the implementation of cybersecurity measures drastically.
  • This, in turn, makes the IT personnel's job more difficult as they have to cover more ground to ensure that the entire system is foolproof.

Research Strategy

We have outlined several challenges facing IT professionals today when they are tasked with the implementation of cybersecurity measures on an OT system. We also found some other challenges. e.g. the use of legacy environments and widespread operations throughout the globe, however, we selected the ones which are most apt to IT professionals and Operational Technology.
Part
02
of two
Part
02

Cybersecurity in Manufacturing

Cybersecurity in manufacturing environments is becoming a growing concern. The following insights present a case in supporting the hypothesis that cybersecurity is a higher concern in manufacturing environments.

1. Recent Cyberattacks

  • Recent cyberattacks have caused some serious damage to manufacturing companies making it more of a concern to the manufacturing industry. The more widely known attacks include Wannacry in Taiwan and NotPetya in Ukraine, however, companies have been infected in other parts of the world as well.
  • A Boeing production plant, in South Carolina, was recently hit by the renowned Wannacry malware, which could potentially spread to airplane software and caused operational interruption. The chief engineer at the company had to send a company-wide memo to alert operations outside that facility.
  • According to a recent report by Artemis, 60% of its manufacturing clients were hit by an attack relating to Wannacry during the last 6 months.

2. Espionage

  • Industrial espionage is defined as the theft of trade secrets, which may then be sold to a competitor. It may be characterized by the theft of intellectual property, e.g. "manufacturing processes, chemical formulas, recipes, techniques or ideas."
  • The manufacturing industry faced more cases of cyber-espionage (27.4%) than any other industry worldwide in 2014.
  • Examples of industrial espionage in the manufacturing industry include the attack on Gillette and Avery Dennison.

3. Not Just for Money

  • Cyberattacks are no longer being conducted only for financial gains. They have recently played roles in attacking the economies of countries by attacking their manufacturing industries.
  • Examples of such instances include the launch of Wannacry by North Korea and NotPetya by Russia (against Ukraine). These may be used as political campaigns against a given country.
  • The national security adviser to Trump administration attributed responsibility for the launch of Wannacry to North Korea.

4. The Shift to Digital

  • The manufacturing industry, like many others, is experiencing an increasing need to shift processes to digital. For example, the use of "networking machinery along with computers, using CAD/CAM data files, integrating machine-learning software, and let's not forget introducing Industry 4.0 devices."
  • This shift is creating more opportunities for hackers, particularly with the advent of the fourth industrial revolution, also known as Industry 4.0.

5. The Easy-er Target

  • The manufacturing industry has become an easier target for hackers as many other industries, especially the banking and financial industries, are becoming increasingly out-of-reach for hackers with the development and implementation of improved cybersecurity frameworks.

Research Strategy

We started our research by investigating whether cybersecurity is becoming an increasing risk for the manufacturing industry. With manufacturing industries being reported as focusing on cybersecurity and many of them experiencing large cyberattacks during recent times, we have provided several arguments that support the hypothesis that cybersecurity is a higher concern in manufacturing environments than many other industries.
Sources
Sources