IT in Manufacturing


A robust cybersecurity strategy is critical

May 2022 IT in Manufacturing

The need for a solid cybersecurity strategy is constantly discussed and debated, yet the basic worm-type attacks first documented in 1972 are still with us today. This is because even the most basic measures to protect control systems from these types of attacks are still not systematically employed. It is difficult to believe there are still thousands of systems in operation today without any basic security controls in place.

If you own a car, a house or a boat – just about any ‘big ticket’ item that would be expensive to replace – you protect that asset with insurance. However, when it comes to control system cybersecurity, this thinking is often not applied. Cyber experts are still struggling to convince senior management to spend money to protect their control system assets.


Why do companies not invest in cybersecurity? Partly, it is due to the issue of convincing companies to spend money on something that has no measurable return on investment (ROI). Of course, everyone knows cybersecurity is important and falls into the general category of risk management.

Control system owners do deploy cyber and security solutions as they are aware of the problem and take actions to avoid risks. However, many in the industrial world are still too focused on the big attack or hack, when the more likely risk is common malware that impacts a control system because it is running older, unprotected and unpatched operating systems.

This risk exists even if the system is ‘air-gapped’ from the business’s network. People often introduce data and software from removable media such as USB drives, exposing their systems to the potential for viruses along the way. As these air-gapped systems become more interconnected to enable integration with business applications, they become increasingly exposed to the Internet.

This vulnerability occurs because there is a fundamental disconnect between securing operational technology (OT) versus information technology (IT). As OT becomes more exposed to the Internet, it faces the same cybersecurity threats as any other networked system since operators have adopted the same hardware, software, networking protocols and operating systems that run and connect everyday business technologies, such as servers, PCs and networking equipment.

Getting up to cyber speed

When thinking about how to get started to fortify your cybersecurity profile, do not just look for some new technology that claims to mitigate all your risks – it does not exist. Doing the basics well before investing in advanced cyber technologies is key. To minimise your risks and get the most protection in the least time, you first need to plan and develop a cybersecurity programme that:

1. Identifies what assets you are trying to protect.

2. Determines how you are going to protect those assets.

3. Enables intrusion detection and monitoring.

4. Defines incident response processes and procedures.

5. Verifies mechanisms to restore and recover assets.

6. Ensures compliance with all regulatory standards set by local governing bodies.

These six steps follow well-trodden ground. All cybersecurity best-practice frameworks can be distilled into these basic steps: identify, protect, detect, respond, recover and comply. Understanding and managing the risks associated with a cyberattack and then protecting against these, or mitigating the consequences, can seem a daunting prospect, especially when this needs to be done in conjunction with the day-job of keeping a plant up and running.

Tried and tested solutions

ABB has enjoyed the following global successes in terms of its cybersecurity systems and solutions:

For a specialty chemicals company in the UK, ABB provided training to help employees spot, understand and remediate cybersecurity attacks. This was because the client had already identified a weakness in its employees’ knowledge regarding cybersecurity. ABB provided a cybersecurity gap assessment and recommended its T153 cybersecurity training course. The result was increased awareness on the part of employees, reducing the likelihood of cyberattacks succeeding due to human error.

For a natural gas storage facility in Germany, ABB provided a cybersecurity solution for regulatory compliance with ISO 27001. This was necessary for visibility of security events in DCS systems and connected networks, and to allow continuity with a dedicated partner. ABB Ability cybersecurity event monitoring allowed for automated ISO 27001 reports and monitoring through ABB’s Collaborative Operations Centre in Germany.

ABB also assisted a European energy provider with ISO 27001 regulatory compliance. ABB Ability cybersecurity event monitoring was implemented without affecting production. This robust solution was deployed across multiple IT and OT systems distributed across Austria. Here, ABB’s OT security expertise also covered third-party vendor systems. Benefits included reduced effort to meet compliance deadlines, increased cyber resilience and access to ABB’s industrial cybersecurity experts.

Conclusion

Understanding and managing the risks associated with a cyberattack, and then protecting against these or mitigating the consequences, can seem a daunting prospect, especially when this needs to be done in conjunction with keeping a plant up and running. The adage ‘it’s a journey, not a destination’ is very true when it comes to OT cybersecurity. ABB can support companies with this journey, and can do so in small ‘bite-sized’ steps to help companies take the next step.


Credit(s)



Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Schneider Electric’s Five-Pillar Strategy takes the guesswork out of equip
Schneider Electric South Africa IT in Manufacturing
Schneider Electric’s Field Service Cycle, otherwise known as the Five-Pillar Strategy, is a structured approach to managing the lifecycle of equipment to prolong asset lifespan while reducing the total cost of ownership for customers.

Read more...
Enhancing operational safety and efficiency through advanced risk-based modelling
IT in Manufacturing
Now, more than ever, capital and operational cost can be reduced while enhancing operational safety and increasing production uptime by applying transformative methods such as Computational Fluid Dynamics modelling.

Read more...
Laying the groundwork in IT/OT
IT in Manufacturing
In the realm of manufacturing, the core mandate is to deliver value to stakeholders. For many in the industry, this is best achieved through a risk-averse approach. Only upon establishing a robust foundation should a business consider venturing into advanced optimisation or cutting-edge technological innovations such as industrial AI.

Read more...
Family of analysers for smart and efficient chlorine measurement
ABB South Africa Sensors & Transducers
ABB has launched ChloroStar, a family of sensors, transmitters and accessories for accurate and reliable chlorine measurement and analysis that enable users in the water, wastewater and other industries to control chlorine more efficiently, enhancing treatment and increasing process uptime.

Read more...
Looking into the future of machine vision
Omron Electronics IT in Manufacturing
Artificial intelligence (AI) is driving a significant transformation in all areas of industrial automation, and machine vision is no exception. Omron’s AI-powered machine vision systems seamlessly integrate state-of-the-art algorithms, enabling machines to analyse and interpret visual data meticulously.

Read more...
Driving digital transformation in the truck industry
Siemens South Africa IT in Manufacturing
Tatra Trucks, a leading truck manufacturer in Czechia, has adopted the Siemens Xcelerator portfolio of industry software including Teamcenter software for product lifecycle management and the Mendix low code platform to help increase production volume and strengthen its ability to manufacture vehicles that meet specific customer requirements.

Read more...
Opinion piece: Digital twins in manufacturing – design, optimise and expand
Schneider Electric South Africa IT in Manufacturing
Digital twin technology can help create better products, fast. It can also transform the work of product development. This strong statement from McKinsey reinforces how far digital twins have come in manufacturing.

Read more...
Asset tracking is key to driving operational excellence and sustainable growth
Schneider Electric South Africa IT in Manufacturing
Asset tracking plays a critical role in the success of industrial businesses. By effectively managing and monitoring assets, companies can optimise their operations, ensuring that resources are used efficiently. This leads to improved productivity and reduced costs.

Read more...
Siemens democratises AI-driven PCB design for small and medium electronics teams
Siemens South Africa IT in Manufacturing
Siemens Digital Industries Software is making its AI-enhanced electronic systems design technology more accessible to small and mid-sized businesses with PADS Pro Essentials software and Xpedition Standard software.

Read more...
Predicting and preventing cyber-attacks with AI and generative AI
IT in Manufacturing
The speed at which cyber threats are evolving is unprecedented. As a result, companies need to implement state-of-the-art technology to protect their data and systems.

Read more...









While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd | All Rights Reserved