IT in Manufacturing


Not enough is being done around industrial cybersecurity

August 2017 IT in Manufacturing

From energy plants to airports, and mines to the manufacturing shop floor, companies are realising that the IIoT, (Industrial Internet of Things) presents an enormous potential for better efficiencies and sustained growth. Operational Technology (OT) and Information Technology (IT) networks are becoming more interconnected to take advantage of this potential, and although this could transform OT (scada, DCS, ICS) procedures and methods, it also brings with it new risks to the OT environment – risks for which the industry is not yet equipped to handle, cyber risks.

Tommy Thompson.
Tommy Thompson.

OT cyber attacks are not just theory, they are happening

Just in the last few months, we have seen two outbreaks of ransomware that brought a stop to production at a few of the world’s leading automotive manufacturers. To add to this, there have been several other well-publicised attacks against OT systems, and these attacks are only going to increase. These incidents are not just specific to one sector, as all industries in the OT space could be affected.

Critical infrastructure attacks are not just targeted at power companies, as was the case with a Ukraine power company that was attacked twice in a period of twelve months, resulting in over 80 000 households being affected. These attacks are also targeting water utility companies. In the past few years, there have been three major attacks against water utilities – in the first attack, a cyber criminal managed to compromise the OT environment and spill 800 000 litres of raw sewage into surrounding areas, including a 4-star hotel. In a second attack, an unknown group of cyber criminals compromised a utility’s OT systems and changed the chemical balance for drinking water. The affected water had to be pumped out to sea. In the most recent attack, a water department’s smart meter central management unit was hacked and used to reprogram all the smart meters.

There have also been cyber attacks against manufacturing companies. In one case against a glue manufacturing company in northern America, hackers managed to get into the OT system and then hold the company to ransom. In a more recent attack, a pharmaceutical company was compromised and the hackers aimed not only to steal the IP, but also at disrupting the manufacturing processes.

The risks and where to start

We need to acknowledge that these risks exist and pose a real threat to the industry. OT systems were not designed with security in mind; they were designed and built with availability, integrity, and uptime as the principal requirements. We need to create the awareness and understanding that these systems, that were in some cases previously separate (air-gapped), now need to be protected. Industrial espionage, cyber criminal gangs, extortion and ransom – these are just some of the threats that form part of the new threat landscape to OT systems. Attacks and disruptions on OT systems put reputation, production, people, and profits at risk.

Inserting a firewall between the corporate IT network and the OT environment is no longer enough. It’s a start, but the companies running these types of new generation OT systems need to build a more resilient infrastructure.

The cybersecurity process should start with the collaboration between the OT and IT teams. The IT team understands cybersecurity and the OT team understands ICS and scada and their unique requirements. A second step would be to perform a passive risk assessment along with segmenting your OT environment. During the assessment process, all OT assets will be identified, classified and then lastly, assigned a level of risk. The above process will also assist with the grouping of similar assets, which will allow for successful segmentation to help protect the various OT layers, along with adding a layered defence to the OT environment. There also needs to be the formulation of a functional cybersecurity policy, as this will help to outline where the company needs to go, and more importantly, what is needed to achieve the parameters set out in the cybersecurity policy.

To end it off, staff need to participate in cybersecurity awareness training. An educated employee can make better decisions when faced with a potential fraudulent email or someone who has contacted them, stating they are from IT and need to reset a password. An educated employee will also think twice about inserting a USB drive, perhaps found outside the parking lot, into the corporate network.

For more information contact Tommy Thompson, Nclose, +27 (0)11 463 0096, [email protected], www.nclose.com





Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

How AI is transforming software engineering in South Africa
IT in Manufacturing
Artificial intelligence is fundamentally reshaping the landscape of software engineering, particularly in South Africa, where the demand for innovative solutions is rapidly increasing.

Read more...
Top five manufacturing automation trends for 2025
Omron Electronics IT in Manufacturing
As we step into 2025, the world of industrial automation is approaching a new chapter. According to OMRON’s SINIC Theory, which ties technological advances to societal change, we’re now moving from the Optimisation Society to the Autonomous Society.

Read more...
PDS expansion into southern Africa
IT in Manufacturing
Benefiting from South Africa’s role as a global pioneer in proximity detection systems, other countries in the region are embracing this safety and monitoring technology to great effect.

Read more...
Bridging the gap between cybersecurity risk and awareness
IT in Manufacturing
Much like the rest of the world, South Africa grapples with challenges emanating from a digital landscape fraught with escalating cyberthreats that pose significant risks to businesses and other organisations.

Read more...
Data has a massive carbon footprint
IT in Manufacturing
The exponential growth of data has led to significant business challenges and environmental concerns for organisations to address. Data sprawl and redundancy increase storage requirements, consuming vast amounts of resources and energy.

Read more...
Photorealism-enhanced digital twin with digital reality viewer
Siemens South Africa IT in Manufacturing
Siemens Digital Industries Software has announced its Teamcenter Digital Reality Viewer, a new software solution that brings the NVIDIA Omniverse platform and accelerated computing to Teamcenter, enabling high-quality, high-performance photorealistic visualisation of large, complex datasets common in engineering and manufacturing.

Read more...
Quantum refrigerator paves way for reliable quantum computers
IT in Manufacturing
Quantum computers require extreme cooling to perform reliable calculations. Researchers at Chalmers University of Technology, Sweden, and the University of Maryland, USA, have engineered a new type of refrigerator that can autonomously cool superconducting qubits to record low temperatures, paving the way for more reliable quantum computation.

Read more...
Quantum leap or quantum risk? Balancing innovation and security
IT in Manufacturing
The emergence of quantum computing represents a transformative shift in technology, promising unparalleled computational power while posing significant risks, particularly cybersecurity.

Read more...
What is process automation and how can AI help?
IT in Manufacturing
Process automation uses software and technologies to automate corporate processes and functions to achieve organisational goals. These goals can include manufacturing a product, hiring an employee or providing customer service.

Read more...
Proactive maintenance for long-term sustainability
Schneider Electric South Africa IT in Manufacturing
: Businesses should prioritise long-term sustainability by implementing proactive maintenance strategies, acknowledging the strategic value of investing in maintenance and after-sales support

Read more...