Harald Reisinger, CEO of RadarServices
In 2017, the world was turned upside down. Damage running into billions was caused by a number of cyber attacks. For the first time, global market leaders were made aware of security flaws in their systems and of the vulnerability of their operational technology (OT). NotPetya and Petya, WannaCry and Industroyer malware showed that no industry is immune to serious attacks. Since then, industrial security, the security of production plants, has taken on a new meaning.
The elimination of known IT security flaws should be standard practice in companies. Yet processes between IT security and IT operations do not always run smoothly. No checks are made on whether and when patches are applied. Patching industrial control software is made more complicated because the systems have to run 24/7 and cannot be restarted. Installing updates seems impossible, so systems run on outdated control software.
Who is responsible for OT security?
Many major corporations have already appointed a Chief Information Security Officer for their IT. This role does not exist in OT. IT and OT security are developing at different speeds and run in parallel. They have different processes, standards and priorities.
For many years IT had little influence in OT; only the advent of “Industry 4.0” brought the breakthrough. OT and IT are now closely interconnected, communicate constantly with one another, and their working processes are seamlessly intertwined. And security is lagging behind.
How to safeguard OT
Establish structures, standardise strategies
IT and OT connectivity keeps expanding. The same principle applies to IT and OT security: IT and OT strategies and structures must be standardised and processes must be harmonised. Separate tasks must be eliminated and data silos broken down. Sharing an IT and OT analysis platform, result processing and reporting to all stakeholders in the company will simplify the process.
Establishing an OT early warning system
Attacks cannot be prevented. The more a company focuses on promptly detecting actual IT risks instead of repulsing “imaginary” dangers, the more efficiently and purposefully it uses its resources and the more it limits the damage in the event of an attack. This approach requires continuous OT security monitoring and structured processes.
Gaining access to expert know-how
Machine learning is a significant trend in IT and OT security. But as things stand at present, it is not yet possible to replace the analytical skills of human beings. Information relevant to safety has to be analysed, assessed and prioritised by experts. This is the basis for initiating the correct countermeasures. Insights into the security situation must be presented centrally on a daily basis, both for internal security teams and for company management. The information must focus on crucial events, so that remediation can concentrate fully on what is actually important.
An integrated approach must be taken to establishing IT and OT security. The main focus is always on prompt risk detection. This is the basis for the correct countermeasures.