Electricity and Control February 2021

CYBERSECURITY

Securing IoT devices and networked machinery

Lukas van der Merwe, Specialist Sales Executive: Security at T-Systems South Africa

C yberattacks on Internet of Things (IoT) devices are increasing at an unprecedented pace and this puts manufacturing companies at risk of hackers bringing production processes to a standstill and/or stealing business-critical data. According to the 2019 SonicWall Cyber Threat Report i , there were 13.5 million IoT attacks in the first half of 2019, an increase of 55% compared to the first six months of the previous year. This highlights the alarming speed with which IoT devices are being compromised to deliver malware payloads. For manufacturing companies, it spells an urgent need to introduce new security strategies for networked machinery, a critical enabler of business innovation and efficiency that, traditionally, has not been designed with security in mind. IoT/Operational Technology (OT) devices are essentially soft targets for hackers, as they are unseen on traditional security networks. They are also unmanaged and unpatched, and often have weak or default credentials, as well as vulnerable open source components. The more industrial control systems are connected to the internet, including those that are remotely accessible to allow remote process monitoring, system maintenance, process control and production data analysis, the larger the exposure becomes for an organisation. Blurring the lines The increased adoption of IoT and big data is blurring the lines between IT and OT, and the increased attack surface results in a heightened risk of cyberattacks. These risks must be mitigated, as digital transformation continues and is driving a greater urgency to bridge the cybersecurity gap between IT and OT. While companies can optimise development, production and logistics processes based on operational and status data, industrial control systems lose their previously insular position once production machines are networked. The machines send data to control systems and, in some cases, communicate via the internet with devices in other locations. In the case of maintenance work, specialist service staff may access machines remotely, either because the specialist resources are not on site, or to save costs. Companies can increase productivity in this way – but where the production operations and office spheres of a company were previously separated, there are now IT links, and this gives hackers a gateway. Overall, cybersecurity is emerging as one of the top barriers to implementing Industry 4.0 strategies successfully among many manufacturing companies. It is proving to be a major challenge in the manufacturing environment, mainly due to the risks posed by devices and systems that are unseen across the IT estate.

A paradigm shift At the same time, an increasing number of enterprises are beginning to recognise the need to bridge the gaps between IT and OT. This challenge is being taken much more seriously than it was a few years ago. It requires a major paradigm shift where numerous factors must be considered. Organisations need to recognise that people in the OT space do not respond well to change. So, ‘digital empathy’ must underpin the

Lukas van der Merwe, T-Systems South Africa.

deployment of security tools, recognising and responding to people and their working environments, and removing the blockers to productivity that traditionally present themselves. With the assistance of an experienced technology solutions provider, organisations can empower those people to be part of the journey to improve productivity and build bridges to enable digital transformation at a whole new level. A suitable partner can accelerate a company’s digitalisation initiatives with the simplest and most robust solutions for reducing risk from IoT/OT network threats and unmanaged devices. This can be done via a passive approach that has no impact on productivity or the manufacturing technology. Bridging the gap between OT and IT security should not be done by force, or seen as a retrofit, but should be about creating something new, especially in highly bespoke environments. Industrial companies often (legitimately) fear that IT security solutions in the field of industrial control systems can interfere with production processes, so security providers must adapt their strategies – typically developed within the world of IT security – for correct use in the OT environment.

For more information visit: www.t-systems.com/za/en

References [i] https://blog.sonicwall.com/en-us/2019/07/mid-year-update-2019- sonicwall-cyber-threat-report/

Electricity + Control FEBRUARY 2021

31