The new cyber reality has made operational technology (OT) operators crucial to securing manufacturing networks—the most targeted sector of industrial cyber-attacks in 2015, according to the U.S. Department of Homeland Security.
OT operators, long considered outside of the cyber fold, are playing an essential role in the adoption of new industrial technologies that increase the productivity and efficiency of Industrial Control Systems (ICS), the core of critical infrastructure and manufacturing industries. Today, one of the most dangerous cybersecurity risks that manufacturers face comes from factories and production lines.
In what is called the Industrial Internet of Things (IIoT), these factory machines—OT equipment—are being connected to external environments and even the internet, unlike the air gap or isolation approach that was used in the past. Thanks to IIoT, manufacturers get valuable access to data, improved production rates, better flexibility to respond to market demands and valuable remote access to their industrial networks for maintenance and support. IIoT is advancing manufacturing so significantly that some have dubbed it the fourth industrial revolution, or Industrie 4.0, defined by the convergence of OT and IT.
Until recently, these distinct technologies were kept entirely separate from one another. Accordingly, the departments that operate them had few, if any, connections. However, to maximize security and profitability, IT/OT collaboration needs to improve as the next phase of the IIoT revolution.
These organizational changes must reflect the changes on the shop floor—just as IT and OT are converging, CIOs, CISOs and OT operators need to work together. By improving OT/IT collaboration, any organization using an industrial network, be it a critical infrastructure or manufacturing site, can improve its security position and enable IIoT business opportunities.
Although production environments now face the internet, IT and OT departments remain disjointed entities across the manufacturing industry. Hackers have noticed this design gap and are seizing the opportunity to profit from breaching ICS/SCADA networks. As recently as July, ransomware was found posing as a Rockwell Automation update, which represents one of three main threats manufacturers face.
The first set of threats is operational downtime and physical damage. In such cases, hackers could break into an industrial network to hold it hostage in exchange for payment or to sabotage production. Altering SCADA network operations could also create physical damage, as with an attack that caused a massive explosion in a German steel plant last winter.
The second threat is product manipulation, which could allow hackers to alter the assembly or content of a product; one such attack was disclosed in March, in which hackers tampered with chemical levels at a water treatment facility. A similar breach could, nearly without detection, manipulate the content of medicine or change the ingredients of a popular snack.
Last, but not least, hackers with access to a SCADA network could steal intellectual property and sensitive data, such as the exact recipe for Coca-Cola. This threat was highlighted by one of the most infamous attacks on SCADA networks, Dragonfly, designed to steal intellectual property from pharmaceutical companies. Dangerous as these threats may be, manufacturers can substantially limit their vulnerability to them by engendering collaboration between CISOs and OT operators.
Historically, these departments have not needed to collaborate, because their goals and technologies have been entirely independent. OT operators are in charge of ensuring their production network operates at maximum efficiency without any failures, while CISOs focus on the secure, quick, flexible transmission and storage of data and procedures. At times, these goals can be incompatible with one another.
To remain fast, flexible, and secure, CISOs need to rapidly implement new security measures and patch existing systems. In this process, CISOs frequently shut down machines to install updates. In contrast, shutdowns of OT equipment are a last resort because they are a major blow to productivity and provide no guarantee that the systems will work as desired. When OT operators do need to make changes, they do so only after they methodically calculate and test the consequences. The reason for these differences relates not only to their goals, but also to the equipment CISOs and OT operators use.
Some of the most heavy-duty equipment in the world is found in industrial environments, where machines endure serious physical strain and an intense climate. These machines are also intended to work for years, if not decades, without significant changes. By comparison, most IT equipment is typically expected to be in use for a period of only a few years, and if it malfunctions, the result is hardly ever an explosion.
However, these distinctions are coming to an end with smart manufacturing. Industrial environments are now a shared space between OT and IT equipment. Moreover, SCADA networks are strongly connected to the internet and to corporate networks, which brings IT into the OT world.
Moving forward, manufacturers need to give the power to the CISO to lead a team of combined OT/IT professionals, of which the OT operators are critical members. For a SCADA network to enjoy IIoT, it requires the secure, uninterrupted flow of information and operations—this must become a primary goal of smart manufacturers, as the consequences of SCADA attacks have demonstrated.
To find, create and implement the proper OT cybersecurity solutions, OT operators’ experience and expertise are essential. Only OT operators have a complete understanding of the unique architectures and purposes of OT equipment. In implementing solutions, team members need to share not only knowledge, but also missions. Specifically, CISOs need to be mindful of the demands placed on OT operators to operate with maximum efficiency. Likewise, OT operators need to understand the role and purpose of SCADA security, as well as the developing cyber threats facing their industrial network.
With shared understanding and a set of common goals, CISOs can implement thorough security solutions and policies across their corporation, and limit the substantial liability created by human error and non-compliance. A unified IT/OT team can provide training and education to raise plant employees’ awareness, as well as prevent availability from being jeopardized. Indeed, security improvements do more than keep you safe.