Editor's Choice
Analytical Instrumentation & Environmental Monitoring
Data Acquisition & Telemetry
Electrical Power & Protection
Enclosures, Cabling & Connectors
Fieldbus & Industrial Networking
Flow Measurement & Control
Industrial Computer Hardware
Industrial Wireless
IS & Ex
IT in Manufacturing
Level Measurement & Control
Maintenance, Test & Measurement, Calibration
Mass Measurement
Motion Control & Drives
News
Operator Interfaces, Switches & Relays
PLCs, DCSs & Controllers
Pneumatics & Hydraulics
Pressure Measurement & Control
SAIMC
SCADA/HMI
Sensors & Transducers
Smart Home Automation
System Integration & Control Systems Design
Temperature Measurement
Training & Education
Valves, Actuators & Pump Control


IT in Manufacturing



Print this page printer friendly version

Not enough is being done around industrial cybersecurity

August 2017 IT in Manufacturing

From energy plants to airports, and mines to the manufacturing shop floor, companies are realising that the IIoT, (Industrial Internet of Things) presents an enormous potential for better efficiencies and sustained growth. Operational Technology (OT) and Information Technology (IT) networks are becoming more interconnected to take advantage of this potential, and although this could transform OT (scada, DCS, ICS) procedures and methods, it also brings with it new risks to the OT environment – risks for which the industry is not yet equipped to handle, cyber risks.

Tommy Thompson.
Tommy Thompson.

OT cyber attacks are not just theory, they are happening

Just in the last few months, we have seen two outbreaks of ransomware that brought a stop to production at a few of the world’s leading automotive manufacturers. To add to this, there have been several other well-publicised attacks against OT systems, and these attacks are only going to increase. These incidents are not just specific to one sector, as all industries in the OT space could be affected.

Critical infrastructure attacks are not just targeted at power companies, as was the case with a Ukraine power company that was attacked twice in a period of twelve months, resulting in over 80 000 households being affected. These attacks are also targeting water utility companies. In the past few years, there have been three major attacks against water utilities – in the first attack, a cyber criminal managed to compromise the OT environment and spill 800 000 litres of raw sewage into surrounding areas, including a 4-star hotel. In a second attack, an unknown group of cyber criminals compromised a utility’s OT systems and changed the chemical balance for drinking water. The affected water had to be pumped out to sea. In the most recent attack, a water department’s smart meter central management unit was hacked and used to reprogram all the smart meters.

There have also been cyber attacks against manufacturing companies. In one case against a glue manufacturing company in northern America, hackers managed to get into the OT system and then hold the company to ransom. In a more recent attack, a pharmaceutical company was compromised and the hackers aimed not only to steal the IP, but also at disrupting the manufacturing processes.

The risks and where to start

We need to acknowledge that these risks exist and pose a real threat to the industry. OT systems were not designed with security in mind; they were designed and built with availability, integrity, and uptime as the principal requirements. We need to create the awareness and understanding that these systems, that were in some cases previously separate (air-gapped), now need to be protected. Industrial espionage, cyber criminal gangs, extortion and ransom – these are just some of the threats that form part of the new threat landscape to OT systems. Attacks and disruptions on OT systems put reputation, production, people, and profits at risk.

Inserting a firewall between the corporate IT network and the OT environment is no longer enough. It’s a start, but the companies running these types of new generation OT systems need to build a more resilient infrastructure.

The cybersecurity process should start with the collaboration between the OT and IT teams. The IT team understands cybersecurity and the OT team understands ICS and scada and their unique requirements. A second step would be to perform a passive risk assessment along with segmenting your OT environment. During the assessment process, all OT assets will be identified, classified and then lastly, assigned a level of risk. The above process will also assist with the grouping of similar assets, which will allow for successful segmentation to help protect the various OT layers, along with adding a layered defence to the OT environment. There also needs to be the formulation of a functional cybersecurity policy, as this will help to outline where the company needs to go, and more importantly, what is needed to achieve the parameters set out in the cybersecurity policy.

To end it off, staff need to participate in cybersecurity awareness training. An educated employee can make better decisions when faced with a potential fraudulent email or someone who has contacted them, stating they are from IT and need to reset a password. An educated employee will also think twice about inserting a USB drive, perhaps found outside the parking lot, into the corporate network.

For more information contact Tommy Thompson, Nclose, +27 (0)11 463 0096, [email protected], www.nclose.com





Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

OMRON simplifies safety verification for SA manufacturers
Omron Electronics IT in Manufacturing
OMRON’s NX Safety platform, Online Safety Functional Test Verification is a feature built into the Sysmac Studio engineering environment. This intuitive tool allows safety verification to be carried out digitally, with step-by-step guidance and full traceability, all from a single workstation.

Read more...
Range of CDUs to meet the rising demands of HPC and AI workloads
Schneider Electric South Africa IT in Manufacturing
Motivair by Schneider Electric has introduced two new coolant distribution units that are engineered to meet the rising thermal demands of HPC and AI workloads.

Read more...
Data centre design powers up for AI, digital twins and adaptive liquid cooling
IT in Manufacturing
The Vertiv Frontiers report, which draws on expertise from across the organisation, details the technology trends driving current and future data centre innovation, from powering up for AI, to digital twins, to adaptive liquid cooling.

Read more...
Siemens drives next-generation vehicle development
Siemens South Africa IT in Manufacturing
The Siemens PAVE360 Automotive technology is a new category of digital twin software that is pre-integrated and designed as an off-the-shelf offering to address the escalating complexity of automotive hardware and software integration.

Read more...
How digital infrastructure design choices will decide who wins in AI
Schneider Electric South Africa IT in Manufacturing
As AI drives continues to disrupt industries across the world, the race is no longer just about smarter models or better data. It’s about building infrastructure powerful enough to support innovation at scale.

Read more...
How quantum computing and AI are driving the next wave of cyber defence innovation
IT in Manufacturing
We are standing at the edge of a new cybersecurity frontier, shaped by quantum computing, AI and the ever-expanding IIoT. To stay ahead of increasingly sophisticated threats, organisations must embrace a new paradigm that is proactive, integrated and rooted in zero-trust architectures.

Read more...
2026: The Year of AI execution for South African businesses
IT in Manufacturing
As we start 2026, artificial intelligence in South Africa is entering a new era defined not by experimentation, but by execution. Across the region, the conversation is shifting from “how do we build AI?” to “how do we power, govern and scale it responsibly?”

Read more...
AIoT drives transformation in manufacturing and energy industries
IT in Manufacturing
AIoT, the convergence of artificial intelligence and the Internet of Things, is enhancing efficiency, security and decision making at manufacturing, industrial and energy companies worldwide

Read more...
Today’s advanced safety system is but the beginning
Schneider Electric South Africa IT in Manufacturing
Industrial safety systems have come a long way since the days of hardwired emergency shutdowns. Today, safety systems are not just barriers against risk; they are enablers of safer operations.

Read more...
Siemens brings the industrial metaverse to life
Siemens South Africa IT in Manufacturing
Siemens has announced a new software solution that builds Industrial metaverse environments at scale, empowering organisations to apply industrial AI, simulation and real-time physical data to make decisions virtually, at speed and at scale.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd | All Rights Reserved