IT in Manufacturing

A robust cybersecurity strategy is critical

May 2022 IT in Manufacturing

The need for a solid cybersecurity strategy is constantly discussed and debated, yet the basic worm-type attacks first documented in 1972 are still with us today. This is because even the most basic measures to protect control systems from these types of attacks are still not systematically employed. It is difficult to believe there are still thousands of systems in operation today without any basic security controls in place.

If you own a car, a house or a boat – just about any ‘big ticket’ item that would be expensive to replace – you protect that asset with insurance. However, when it comes to control system cybersecurity, this thinking is often not applied. Cyber experts are still struggling to convince senior management to spend money to protect their control system assets.

Why do companies not invest in cybersecurity? Partly, it is due to the issue of convincing companies to spend money on something that has no measurable return on investment (ROI). Of course, everyone knows cybersecurity is important and falls into the general category of risk management.

Control system owners do deploy cyber and security solutions as they are aware of the problem and take actions to avoid risks. However, many in the industrial world are still too focused on the big attack or hack, when the more likely risk is common malware that impacts a control system because it is running older, unprotected and unpatched operating systems.

This risk exists even if the system is ‘air-gapped’ from the business’s network. People often introduce data and software from removable media such as USB drives, exposing their systems to the potential for viruses along the way. As these air-gapped systems become more interconnected to enable integration with business applications, they become increasingly exposed to the Internet.

This vulnerability occurs because there is a fundamental disconnect between securing operational technology (OT) versus information technology (IT). As OT becomes more exposed to the Internet, it faces the same cybersecurity threats as any other networked system since operators have adopted the same hardware, software, networking protocols and operating systems that run and connect everyday business technologies, such as servers, PCs and networking equipment.

Getting up to cyber speed

When thinking about how to get started to fortify your cybersecurity profile, do not just look for some new technology that claims to mitigate all your risks – it does not exist. Doing the basics well before investing in advanced cyber technologies is key. To minimise your risks and get the most protection in the least time, you first need to plan and develop a cybersecurity programme that:

1. Identifies what assets you are trying to protect.

2. Determines how you are going to protect those assets.

3. Enables intrusion detection and monitoring.

4. Defines incident response processes and procedures.

5. Verifies mechanisms to restore and recover assets.

6. Ensures compliance with all regulatory standards set by local governing bodies.

These six steps follow well-trodden ground. All cybersecurity best-practice frameworks can be distilled into these basic steps: identify, protect, detect, respond, recover and comply. Understanding and managing the risks associated with a cyberattack and then protecting against these, or mitigating the consequences, can seem a daunting prospect, especially when this needs to be done in conjunction with the day-job of keeping a plant up and running.

Tried and tested solutions

ABB has enjoyed the following global successes in terms of its cybersecurity systems and solutions:

For a specialty chemicals company in the UK, ABB provided training to help employees spot, understand and remediate cybersecurity attacks. This was because the client had already identified a weakness in its employees’ knowledge regarding cybersecurity. ABB provided a cybersecurity gap assessment and recommended its T153 cybersecurity training course. The result was increased awareness on the part of employees, reducing the likelihood of cyberattacks succeeding due to human error.

For a natural gas storage facility in Germany, ABB provided a cybersecurity solution for regulatory compliance with ISO 27001. This was necessary for visibility of security events in DCS systems and connected networks, and to allow continuity with a dedicated partner. ABB Ability cybersecurity event monitoring allowed for automated ISO 27001 reports and monitoring through ABB’s Collaborative Operations Centre in Germany.

ABB also assisted a European energy provider with ISO 27001 regulatory compliance. ABB Ability cybersecurity event monitoring was implemented without affecting production. This robust solution was deployed across multiple IT and OT systems distributed across Austria. Here, ABB’s OT security expertise also covered third-party vendor systems. Benefits included reduced effort to meet compliance deadlines, increased cyber resilience and access to ABB’s industrial cybersecurity experts.


Understanding and managing the risks associated with a cyberattack, and then protecting against these or mitigating the consequences, can seem a daunting prospect, especially when this needs to be done in conjunction with keeping a plant up and running. The adage ‘it’s a journey, not a destination’ is very true when it comes to OT cybersecurity. ABB can support companies with this journey, and can do so in small ‘bite-sized’ steps to help companies take the next step.

For more information contact ABB South Africa, +27 10 202 5000,,


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Young unemployed graduate gets kickstart to his career
ABB South Africa Editor's Choice News
The training provided by ABB is hands-on and will see Momelezi Sifumba rotate through different departments and activities to ensure his practical experience is as well-rounded as possible.

High-speed Ethernet up to 1 km with Gigabit Ethernet extenders
Phoenix Contact IT in Manufacturing
With Power-over-Link and Power-over-Ethernet functions, the entire Gigabit Ethernet extender network and connected PoE devices are supplied with power via the data lines.

Ready for industrial network evolution?
RJ Connect Editor's Choice IT in Manufacturing
To prepare for the future, it is time for industrial networks to evolve, and Moxa is committed to helping them take the leap towards the next generation of networking.

Are engineers equipped with 4IR skills?
Editor's Choice IT in Manufacturing
Technology has evolved exponentially in the last 10 years, much faster than the 10 years before. A gap will undoubtedly develop if technology evolves faster than our skills. Therefore, we must start immediately identifying the gaps and what 4IR skills we need to fill them.

Valmet mobile maintenance app
Valmet Automation IT in Manufacturing
VMM meets industrial cybersecurity standards, follows all best practices and guidelines, and is audited by an accredited service provider.

Business platform to accelerate digital transformation
Siemens South Africa IT in Manufacturing
Siemens has launched an open digital business platform, Siemens Xcelerator, to accelerate digital transformation and value creation for customers of all sizes in industry, buildings, grids and mobility. The business platform makes digital transformation easier, faster and scalable.

South African manufacturing sector’s readiness for Industry 4.0
Editor's Choice IT in Manufacturing
New research from PwC’s Insights into the I4.0 Readiness of SA Manufacturing 2022 report shows that I4.0 tools have the ability to increase the quality, flexibility, performance and overall competitiveness of the manufacturing sector. 

Security certified IIoT edge gateway
Omron Electronics IT in Manufacturing
The DIN-mountable device can be installed in machine control panels to provide remote access for on-demand, real-time servicing of industrial equipment.

ABB’s automatic paper testing delivers faster quality insights
ABB South Africa Maintenance, Test & Measurement, Calibration
Quality data from the L&W Autoline is collected in the mill's quality management system via integration with the 800xA DCS.

EPLAN relegates device data DIY to history
EPLAN Software & Services IT in Manufacturing
With the new Data Portal Request Process, customers can order individual device data in Data Standard quality using a credit system.