The world's most capable, rugged and secure
industrial control system...
Introducing Bedrock OSA® Remote
- Intrinsically-secure PLC and RTU control
- 10 or 20 channels of universal I/O
- Free IEC 61131-3 engineering software
- -40ºC to +80ºC temperature range
- Rugged, all-metal case 5.4 in x 8.9 in x 2.3 in
When IT and OT Meet, What Happens to Cyber Security?
July 30, 2019 | Robert Bergman
Applying information technology (IT) to operational technology (OT) is essential to realizing the promise of industrial digitalization, but with it comes cyber vulnerability.
“As OT becomes increasingly transformed digitally, connecting computer networks to systems such as conveyor belts, heating and cooling systems, and molding machines introduces security risks. Many devices and networks were not built with security in mind, and many rely on legacy technology requiring manual effort and human interaction to detect and mitigate cyber threats, resulting in downtimes or creating other unwanted consequences,” says digital analyst Marc Wilczek, writing in Dark Reading.
Wilczek elaborates: “Although the convergence of IT and OT improves operations, it eliminates the traditional gap between the two realms. The result is a broader attack surface, exposing OT to a multitude of DDoS attacks and other cyber-risks.”
Maximizing benefits of digitalization while protecting the broader attack surface requires IT and OT to collaborate more closely than is typically the case in many organizations. Quoted recently in CSO magazine, cyber security expert Joe Weiss, Managing Director of Applied Control Solutions, stresses the importance of ensuring that control system engineers are intimately involved in the process:
“In IT, if somebody tries the wrong password five times, you lock that person out. Taking the same approach to control access to a critical power plant system when somebody really needs to get to that system in a hurry can be disastrous,” said Weiss, who is also quoted as saying that such decisions without input from the control system team can potentially “reduce the facility to rubble. As a hacker, all I need to do is send the wrong password five times to lock you out,” as water treatment plants, food companies, oil refineries, and any other facility in which product quality control is intrinsic to production.
Wilczek sees the problem is particularly acute for organizations utilizing supervisory control and data acquisition (SCADA) and ICSs. “According to a study conducted by Forrester Research on behalf of Fortinet, nearly 90% of these organizations have suffered a security breach in those systems.”
Considering such realities, many companies are building teams with full representation of both IT and OT. Companies in more vulnerable industries, such as energy, oil and gas, are creating positions calling for expertise in both IT and OT cyber security. But surprisingly it does appear that there are still many companies who do not sense the urgency of the cyber threat. These threats today are both important and urgent to address.
See related story: Is the Industry Getting Complacent?