Every business is well aware of the importance of cybersecurity to its operation’s success. They encourage their staff to regularly change their passwords, run seminars on how to spot phishing attacks like the one that compromised over 1,000 passwords, and emphasizes data encryption when transferring files and sending sensitive emails. These are all important steps, and when done well, they can be sufficient for companies that provide digital services.
In factories, water processing facilities, and other industrial settings, sensors, and other connected devices dominate the environment, and with the rise of IoT, such devices represent an ever-present security risk. And, because they’re markedly different from the servers and other enterprise technologies widely used in offices, they require a different approach to security.
Where IT Meets OT
In order to secure sensor-based devices, AI, and other tools used in industrial settings, businesses will need to embrace a blended approach to security, in which standard IT strategies mesh with the operational technology (OT). This is a challenge because many OT elements, while connected to the internet, use outdated legacy technology that can’t defend against modern cybersecurity issues. Before they can secure these systems, then, businesses need to get a sense of their existing software supply chain and work to update legacy technology to make it compatible with today’s security norms.
It may seem odd to talk about controlling who has access to business OT, since much of it is out in public, including on the manufacturing floor in larger factories. When cybersecurity experts talk about controlling access, however, they’re not talking about physical interactions – their focus is on protecting digital access. The best way to do this is through segmentation.
Segmentation is just one part of the larger secure deployment process used in industrial settings, and it involves breaking down the different elements of the internal system and adding layers of protection to ensure only specific users can access that part of the system. It’s a lot like securing parts of a server within a traditional IT framework, and with the right tools, it can be done without redesigning the entire network architecture.
Building Threat Awareness
Another element of tackling OT security issues is one that the sector shares in common with more traditional IT: situational awareness. This takes several forms, including maintaining an awareness of how each element will be used as it is constructed, as well as ongoing industry threats. For example, if similar businesses have experienced hacks, then your technology may be similarly vulnerable. Hackers tend to target similar businesses all at once because they’re likely to have common security weaknesses. Unfortunately, by the time another company’s victimization comes to light, it may be too late to correct your own issues, which is why it’s so important to develop security frameworks before encountering problems.
As Industrial IoT (IIoT) expands, businesses will likely have access to more updated systems, but adoption will be slow given the costs of such technology. However, the growth of IIoT will model for businesses the potential – and the practices underpinning – more secure OT.
Connectivity is ushering in a new era in industrial operations, and it’s time to embrace those changes.