IT in Manufacturing


A robust cybersecurity strategy is critical

May 2022 IT in Manufacturing

The need for a solid cybersecurity strategy is constantly discussed and debated, yet the basic worm-type attacks first documented in 1972 are still with us today. This is because even the most basic measures to protect control systems from these types of attacks are still not systematically employed. It is difficult to believe there are still thousands of systems in operation today without any basic security controls in place.

If you own a car, a house or a boat – just about any ‘big ticket’ item that would be expensive to replace – you protect that asset with insurance. However, when it comes to control system cybersecurity, this thinking is often not applied. Cyber experts are still struggling to convince senior management to spend money to protect their control system assets.


Why do companies not invest in cybersecurity? Partly, it is due to the issue of convincing companies to spend money on something that has no measurable return on investment (ROI). Of course, everyone knows cybersecurity is important and falls into the general category of risk management.

Control system owners do deploy cyber and security solutions as they are aware of the problem and take actions to avoid risks. However, many in the industrial world are still too focused on the big attack or hack, when the more likely risk is common malware that impacts a control system because it is running older, unprotected and unpatched operating systems.

This risk exists even if the system is ‘air-gapped’ from the business’s network. People often introduce data and software from removable media such as USB drives, exposing their systems to the potential for viruses along the way. As these air-gapped systems become more interconnected to enable integration with business applications, they become increasingly exposed to the Internet.

This vulnerability occurs because there is a fundamental disconnect between securing operational technology (OT) versus information technology (IT). As OT becomes more exposed to the Internet, it faces the same cybersecurity threats as any other networked system since operators have adopted the same hardware, software, networking protocols and operating systems that run and connect everyday business technologies, such as servers, PCs and networking equipment.

Getting up to cyber speed

When thinking about how to get started to fortify your cybersecurity profile, do not just look for some new technology that claims to mitigate all your risks – it does not exist. Doing the basics well before investing in advanced cyber technologies is key. To minimise your risks and get the most protection in the least time, you first need to plan and develop a cybersecurity programme that:

1. Identifies what assets you are trying to protect.

2. Determines how you are going to protect those assets.

3. Enables intrusion detection and monitoring.

4. Defines incident response processes and procedures.

5. Verifies mechanisms to restore and recover assets.

6. Ensures compliance with all regulatory standards set by local governing bodies.

These six steps follow well-trodden ground. All cybersecurity best-practice frameworks can be distilled into these basic steps: identify, protect, detect, respond, recover and comply. Understanding and managing the risks associated with a cyberattack and then protecting against these, or mitigating the consequences, can seem a daunting prospect, especially when this needs to be done in conjunction with the day-job of keeping a plant up and running.

Tried and tested solutions

ABB has enjoyed the following global successes in terms of its cybersecurity systems and solutions:

For a specialty chemicals company in the UK, ABB provided training to help employees spot, understand and remediate cybersecurity attacks. This was because the client had already identified a weakness in its employees’ knowledge regarding cybersecurity. ABB provided a cybersecurity gap assessment and recommended its T153 cybersecurity training course. The result was increased awareness on the part of employees, reducing the likelihood of cyberattacks succeeding due to human error.

For a natural gas storage facility in Germany, ABB provided a cybersecurity solution for regulatory compliance with ISO 27001. This was necessary for visibility of security events in DCS systems and connected networks, and to allow continuity with a dedicated partner. ABB Ability cybersecurity event monitoring allowed for automated ISO 27001 reports and monitoring through ABB’s Collaborative Operations Centre in Germany.

ABB also assisted a European energy provider with ISO 27001 regulatory compliance. ABB Ability cybersecurity event monitoring was implemented without affecting production. This robust solution was deployed across multiple IT and OT systems distributed across Austria. Here, ABB’s OT security expertise also covered third-party vendor systems. Benefits included reduced effort to meet compliance deadlines, increased cyber resilience and access to ABB’s industrial cybersecurity experts.

Conclusion

Understanding and managing the risks associated with a cyberattack, and then protecting against these or mitigating the consequences, can seem a daunting prospect, especially when this needs to be done in conjunction with keeping a plant up and running. The adage ‘it’s a journey, not a destination’ is very true when it comes to OT cybersecurity. ABB can support companies with this journey, and can do so in small ‘bite-sized’ steps to help companies take the next step.


Credit(s)



Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Five data centre trends to watch in 2025
IT in Manufacturing
Any innovation that comes out in 2025 – whether it’s flying cars, highly advanced AI or a breakthrough medical treatment – will be built on the back of an equally innovative IT foundation driven by data. Data that needs to be stored, managed and made accessible in the data centre, in the cloud or at the edge. Is it too much of a stretch to say the future of humankind is dependent on data storage? We don’t think so.

Read more...
Recovering from a cyberattack
IT in Manufacturing
While many organisations have invested heavily in frontline defence tools to try to keep out bad actors, they have spent far less time and money preparing for what happens when the criminals eventually get in. And they will get in.

Read more...
The value of proactive maintenance management
Schneider Electric South Africa IT in Manufacturing
Maintenance has come a long way from the days when we waited for things to break, and thanks to the ever-increasing capabilities of technology, predictive maintenance has become a viable solution for keeping equipment running smoothly and efficiently around the world.

Read more...
Significant decarbonisation can be achieved in the mining industry
ABB South Africa IT in Manufacturing
ABB has released a global report titled ‘Mining’s Moment’, which highlights the progress being made by the mining industry to make operations more sustainable.

Read more...
Pinpointing pipeline occurrences in seconds, not hours
Schneider Electric South Africa IT in Manufacturing
At any given moment, thousands of kilometres of critical assets flow through pipelines that cross veld, mountainous areas, dense forests, and even busy streets. Surprisingly, many of these pipelines operate either unmonitored or with scant oversight, leading to missed opportunities for operational continuity and efficiency.

Read more...
Integrated solutions power the future of mining
ABB South Africa Motion Control & Drives
ABB has a diverse array of solutions that cater to multiple industry sectors, and especially mining. Mining companies across South Africa are embracing automation and control technologies.

Read more...
Next-generation AI-enhanced electronic systems design software
Siemens South Africa IT in Manufacturing
Siemens Digital Industries Software has launched the latest advancement in its electronic systems design portfolio. The next-generation release takes an integrated and multidisciplinary approach, bringing a unified user experience that delivers cloud connectivity and AI capabilities to push the boundaries of innovation in electronic systems design.

Read more...
Spatial computing and AI – where no man has sustainably gone before
Schneider Electric South Africa IT in Manufacturing
Some will argue that we now live in a sci-fi world where we dream of electric sheep, and today’s technology – unlike HAL – can provide us with the answers we seek. To the realist it might seem a bit implausible, but when you start using terms like ‘spatial computing realises sustainable AI’ it doesn’t seem that far-fetched.

Read more...
The impact of gearless mill drive technology on CO2 emissions
ABB South Africa Motion Control & Drives
ABB has released an in-depth white paper detailing the vital role that gearless grinding technologies can play in driving productivity in mining while simultaneously reducing their carbon footprint.

Read more...
Safeguarding DCS today and tomorrow
Schneider Electric South Africa IT in Manufacturing
Today’s distributed control systems (DCS) are highly intelligent, converging OT and IT in a centralised manner that allows for simplified management and coordination of operations. It is technology evolution at its finest, but with a caveat, cybersecurity challenges.

Read more...