While bringing operational technology online promises to transform the industrial sector, key stakeholders need to prioritize cybersecurity practices that protect newly connected assets.
From manufacturing to logistics, connected operational technology (OT) promises to have a transformative impact on the way industrial companies function. Indeed, as the Industrial Internet of Things (IIoT) converts previously analog assets (i.e. thermometers, pressure gauges, and electrical hardware) into connected systems linked to IT networks, businesses stand to benefit from new efficiencies and streamlined operations.
While the potential benefits of connected OT are dramatic — experts predict that the market for IIoT will reach $123 billion by 2021 — the challenges are equally formidable. In addition to integrating intelligent OT systems with enterprise networks and IT platforms, bringing this technology online presents a wide range of cybersecurity risks.
Cybercriminals who may have ignored OT assets in the past are now gaining access to a wealth of new user endpoints (and attack vectors). While the convergence of OT and IT is a relatively new phenomenon, bad actors are already taking advantage. In fact, the Department of Homeland Security recently detailed how Russian cybercriminals have been targeting American energy grids and other critical infrastructure.
This reality underscores the need for the industrial sector to prioritize cybersecurity as part of their IIoT efforts. While it will be challenging to maintain watertight security in what is a still-evolving field, the advantages of fully-connected IIoT systems will be too compelling to pass up on.
Historically, OT and IT have existed as more-or-less separate, siloed environments within enterprises. IT departments were concerned with improving digital infrastructure and managing the flow of information. OT teams were focused on cutting production costs and ensuring that critical physical workflows continued safely and on schedule.
As these two environments merge, however, connected OT systems have the potential to jumpstart innovation and transform the way that industrial enterprises operate. For instance, greater insight into operational functions can allow stakeholders to better monitor performance, analyze key metrics, and create new efficiencies. Bringing these systems online can allow teams to spot production bottlenecks and design solutions to address problems even before they occur.
What’s more, “intelligent” OT can help keep employees safer when they’re on the job. From oil rigs to factory floors, connected OT systems that keep tabs on temperature readings, pressure levels, and machinery performance can give advanced warning if something is amiss, or raise alerts if it’s time for maintenance. These advantages — when deployed properly — can protect workers, cut costs, and boost productivity.
While the industrial enterprise will understandably want to move fast to reap the benefits of connected OT, it’s important that they understand the cybersecurity risks involved with bringing these assets online. From Russian probing of American infrastructure to the WannaCry and Petya attacks that wrought havoc on hospitals, manufacturing plants, and financial institutions, bad actors are learning how to effectively target newly-vulnerable OT systems.
Cybercriminals might exploit the bridge between OT and IT to steal valuable information on industrial systems that they can then use to mount further breaches. They may also pursue other vectors such as DDoS attacks that can flood OT systems and cause widespread problems. In industrial settings, these assaults can bring production to a grinding halt or even put workers’ safety in danger.
An additional dimension that makes securing OT more difficult is that cybersecurity professionals will need to develop practices to contain these risks in an emerging, nascent space. Because networked OT is in many cases completely new territory, and because the security of industrial systems, power grids, and important infrastructure are paramount to business continuity and even national security, the stakes are high even as the potential benefits increase.
For industrial enterprises and infrastructure experts looking to make the most of connected OT, the way forward in terms of cybersecurity is understandably daunting. To confidently protect these systems from bad actors, OT teams will need to leverage cybersecurity best practices that have been developed and honed in the IT space.
However, that doesn’t mean that organizations should just hire entire IT teams in one fell swoop to build these security environments from the ground up. Instead, they would do well to partner with a managed services provider (MSP) that can deliver high-level expertise on an as-needed basis. This will ensure that OT systems have sophisticated cybersecurity protections in place from the moment they come online.
By working with Turn-key Technologies (TTI), you’ll benefit from three decades of experience in the networking space. Our team has the resources necessary to secure emerging OT networks — whether you’re managing an oil rig, a high-tech production line, or a “smart” warehouse. If you’re looking for a tailored solution to a specific OT need or you’re curious what comprehensive support for your OT plans might look like, the experts at TTI can help.
May 7, 2019
Please, rotate your device