When IT and OT Meet, What Happens to Cyber Security?

July 30, 2019
Robert Bergman

Applying information technology (IT) to operational technology (OT) is essential to realizing the promise of industrial digitalization, but with it comes cyber vulnerability.

 

“As OT becomes increasingly transformed digitally, connecting computer networks to systems such as conveyor belts, heating and cooling systems, and molding machines introduces security risks. Many devices and networks were not built with security in mind, and many rely on legacy technology requiring manual effort and human interaction to detect and mitigate cyber threats, resulting in downtimes or creating other unwanted consequences,” says digital analyst Marc Wilczek, writing in Dark Reading.

 

Wilczek elaborates: “Although the convergence of IT and OT improves operations, it eliminates the traditional gap between the two realms. The result is a broader attack surface, exposing OT to a multitude of DDoS attacks and other cyber-risks.”

 

Maximizing the benefits of digitalization while protecting the broader attack surface requires IT and OT to collaborate more closely than they typically do in many organizations. Quoted recently in CSO magazine, cyber security expert Joe Weiss, Managing Director of Applied Control Solutions, stresses the importance of ensuring that control system engineers are intimately involved in the process:

 

“In IT, if somebody tries the wrong password five times, you lock that person out. Taking the same approach to control access to a critical power plant system when somebody really needs to get to that system in a hurry can be disastrous,” said Weiss, who is also quoted as saying that such decisions without input from the control system team can potentially “reduce the facility to rubble. As a hacker, all I need to do is send the wrong password five times to lock you out,” as water treatment plants, food companies, oil refineries, and any other facility in which product quality control is intrinsic to production.

 

Wilczek sees the problem as particularly acute for organizations utilizing supervisory control and data acquisition (SCADA) and ICSs. “According to a study conducted by Forrester Research on behalf of Fortinet, nearly 90% of these organizations have suffered a security breach in those systems.”

 

Considering such realities, many companies are building teams with full representation of both IT and OT. Companies in more vulnerable industries, such as energy, oil and gas, are creating positions calling for expertise in both IT and OT cyber security. Surprisingly, though, many companies still do not appear to sense the urgency of the cyber threat. These threats are both important and urgent to address.

 

See related story: Is the Industry Getting Complacent?

 