IT in Manufacturing


Preventing cyberattacks

August 2023 IT in Manufacturing

A common misconception is that both cyberattacks and cybersecurity controls are sophisticated and complex. “In fact, the methods criminals use to infiltrate industrial networks are often relatively straightforward,” warns Charles Blackbeard, business development manager for ABB Ability Digital Solutions.

“Therefore, it follows that protection measures also often do not need to be overly convoluted, especially when implemented in line with a defined strategy based on a risk assessment, and managed by a user-friendly application that enables everyone to be part of cybersecurity efforts.”

Cybercriminals may gain access to a facility through insecure remote login software by exploiting disclosed vulnerabilities in the software or sending phishing emails to employees, who open them on a system connected to the plant network. Attackers may then take control of the mouse on an individual workstation and perform malicious tasks, undetected in the guise of a control system engineer performing their typical job but remotely.

“While controls such as patching, malware protection and system backups offer essential protection from cyberattacks, they need a solid foundation,” stresses Blackbeard. Suppose an industrial system is built on a poorly designed, indefensible network, where all devices are separated from the internet by a single firewall. In that case, additional risks are added to the mix and may even offset the benefit from the implemented security controls.”

Combining this with an ageing distributed control system relying on unsupported Windows computers makes it much easier for attackers to find and infiltrate the operation without using sophisticated methods. Implementing and maintaining even the most basic security controls upon a solid architecture significantly reduces the risk of being compromised. Over time, when the assessed threat changes, one may need to add more security to stay ahead and remain aligned with the company’s strategy and risk appetite.

According to the SANS 2021 OT/ICS Cybersecurity Report, 48% of organisations surveyed did not know whether their industrial control system (ICS) had been compromised. “That statement by itself is rather disturbing, but even more so when coupled with the evidence that most systems already are or have been compromised,” highlights Blackbeard. “This illustrates that the urgent need to secure operational environments is matched only by the need for cultural change. Leadership must understand and support OT cybersecurity efforts and instigate an organisational cultural shift to prioritise training and action. Without culture and behavioural change, it is unlikely that any investment in technology or software will lead to long-term protection.”

The threat posed by cyberattacks on industry regarding financial loss, production downtime and reputational damage cannot be underestimated. A total of 61% of factories report that they have experienced a critical cybersecurity incident, while 75% say an incident has halted production. The average cost of OT-specific malware attacks for organisations is nearly R50 million. Ransomware attacks carried out by criminals for financial gain account for around eight out of ten attacks. Industrial companies are viewed as easy, high-value targets whose OT systems may be outdated, unprotected and exploitable, maybe even via the internet, making an attack even easier.

He adds that the question industrial companies should be asking is not “Can I afford to implement a cybersecurity strategy?”, but rather “Can I afford not to?”. Viewed in terms of business criticality, protecting internal systems from hackers is now a business priority, particularly when it comes to critical public infrastructure such as electricity, or fuel and water supplies.

Defining ROI from cybersecurity is never easy, because you are effectively buying risk insurance, rather than tangible increases in revenue and production. However, companies are increasingly aware that security is not just about protecting critical assets: it is also about answering to investors and protecting their right to operate by complying with international best practices and standards.

Keep in mind that the yearly cost of implementing a robust cybersecurity strategy and controls that can be upgraded to respond to evolving threats to OT production assets, in partnership with a trusted service and technology provider, works out far less than the cost of an insurance policy. A well-implemented cybersecurity strategy may reduce the insurance premium to fund these cyber efforts partly or fully.

ABB Ability Cybersecurity Workplace (CSWP) simplifies the process of monitoring and maintaining foundational security controls by collecting security-relevant data from implemented cybersecurity solutions and forwarding it into a consolidated application. Operators can seamlessly monitor the status of basic security controls such as patching, malware protection and system backup, perform standard security tasks, and receive alerts with actionable insights to remediate weaknesses and reduce risks – all from a single, easy to use dashboard.

This makes maintaining your cybersecurity easier, quicker and less daunting. CSWP is scalable, meaning it can be updated with new security features to keep up with evolving threats, and support regulatory compliance without a lengthy learning curve. For example, an industrial plant may have McAfee malware protection software, and Windows Server for patching, and separate software for backup, which can be complex to operate and maintain.

CSWP makes this both standardised and configurable, and consolidates all security controls into one view so that staff do not have to access multiple applications. Equipping frontline workers with the tools to secure the operational environment also reduces labour and operating costs. Another feature requested by many is the power to isolate the OT and IT environments with a click of a button, and prevent IT network intrusions and external actors from affecting the OT systems and potentially harming people, assets or the environment. CSWP also reduces the risks associated with remote access by managing user accounts and authentication, notifying staff when someone remotely accesses the systems, and letting operators activate and terminate remote sessions at will.


Credit(s)



Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Bringing brownfield plants back to life
Schneider Electric South Africa IT in Manufacturing
Today’s brownfield plants are typically characterised by outdated equipment and processes, and face challenges ranging from inefficient operations to safety hazards. However, all is not lost, as these plants stand to gain a lot from digitalisation and automation.

Read more...
ABB’s value-adding products and solutions
ABB South Africa Motion Control & Drives
A technology leader driving the digital transformation of industries, with a history of innovation spanning over 130 years, ABB had a major presence at Electra Mining Africa 2024.

Read more...
Let’s talk about acid mine drainage
Schneider Electric South Africa IT in Manufacturing
A recent report – ‘Remediation Potential of Mining, Agro-Industrial and Urban Wastes Against Acid Mine Drainage’ – highlights the impact of sulphide minerals, a geological byproduct of mining, on the environment. The mining sector inadvertently contributes to acid mine drainage.

Read more...
Cybersecurity or catastrophe
IT in Manufacturing
Businesses must recognise the crucial need to transform their organisational structures to keep pace with the rapidly evolving digital landscape. However, it is equally important for organisations to consider the associated risks to ensure long-term resilience.

Read more...
Automatic schematic generation in the cloud
IT in Manufacturing
Automating the generation of schematics leads to faster results and fewer errors. Solutions provider, Eplan has developed a variety of technical approaches for this process. One of these is the cloud-based software, eBuild, allowing users to generate their projects with a simple mouse click.

Read more...
DesignSpark revolutionises engineering
RS South Africa IT in Manufacturing
RS South Africa has transformed the engineering landscape with DesignSpark, its comprehensive suite of resources and solutions tailored to meet the diverse needs of engineers across industries. It empowers engineers of all skill levels to innovate, collaborate and succeed in their endeavours.

Read more...
Digital twin technology gives the edge in America’s Cup
Siemens South Africa IT in Manufacturing
The Orient Express Racing Team is using the Siemens Xcelerator portfolio of industry software to aid in preparation for the upcoming 37th America’s Cup, and to gain competitive advantage.

Read more...
ABB modernises key board mill
ABB South Africa PLCs, DCSs & Controllers
ABB has secured a landmark contract to modernise Smurfit Kappa’s Paper Machine 5 at its corrugated cardboard mill near Mexico City. ABB will provide Smurfit Kappa with DCS, accompanied by a comprehensive paper machine drives system, encompassing some of the market’s most advanced drives and motors meticulously designed to optimise PM5’s performance.

Read more...
Fully modular time reference systems
Vepac Electronics IT in Manufacturing
The fully modular time reference systems from Vepac Electronics offer precise and reliable time synchronisation at extremely competitive prices, and they are particularly well suited for critical infrastructure applications.

Read more...
Predictive maintenance is built on digitisation and automation
Schneider Electric South Africa IT in Manufacturing
The predictive maintenance marketplace is set to grow at a CAGR of 17% until 2028. Driving this growth are industries with heavy assets and high downtime costs, such as mining, minerals and metals.

Read more...