Home / Analysis / Security  /  Industrial Cybersecurity: A Strategic Project That Must Not Be Underestimated

Share This Post

Analysis / Security

Industrial Cybersecurity: A Strategic Project That Must Not Be Underestimated

cybersecurity

As traditional industrial systems and Operational Technology (OT) become more connected, cyber threats unique to the engineering and manufacturing sectors represent a significant danger. The vulnerability of organisations in energy and transportation, amongst many other industries have already been highlighted during an increasing number of incidents in recent years. It is clear that cyberterrorism can harm not only production, but also the brand reputation of industrial players. Which makes it essential that solid security policies are adopted by organisations to arm themselves not just against today’s insidious threats, but for the increasingly sophisticated attacks that will inevitably follow.

Protecting The Production Line From A To Z 

Any vulnerability in the network has the potential to allow access to hackers. This puts not just the infrastructure of the organisation at risk, but its data, its employees and customers, and particularly in the case of utilities companies, the environment too. New attacks regularly illustrate the weakness of unprotected systems. However, operational constraints in industrial organisations reduce opportunities for updating the infrastructure. Production has to continue, which puts IT changes way down on the list of priorities. So, it makes sense to rely on central devices that cover both Operational Technology (OT) and Information Technology (IT), to ensure that production systems benefit from a combination of protection measures with no negative impact on business.

Workstations: No Longer A Weak Spot In The Security Chain

In a Microsoft Windows environment, which is the mainstay of the industrial sector, workstations have been the weak spots in the operations system. An efficient infrastructure must be able to cope with highly sophisticated cyberattacks as well as negligence as a result of human error – the biggest cause of cybersecurity incidents. This can be tackled with the use of various advanced components such as behavioural analysis or control of peripheral devices such as pre-enrolled or pre-scanned USB keys that otherwise would be a real danger and can expose the industrial system to various intrusions. 

Secure Remote Workstations & Remote Access 

Increasingly, the gap between industrial systems and the Internet is closing, and as these systems are maintained, moved onto the cloud for optimisation or made available remotely, any inherent weaknesses are exposed. This puts them at risk of cybercriminals always looking for ways to exploit a chink in the armour. Manufacturers and engineers are focused on designing sophisticated systems, but integrating these with networks means that additional attention must be paid to ensuring remote access is well guarded and the remote workstation is secure. 

Guarantee High Network Availability 

Despite their robustness, industrial operational systems are not safe from attack, nor are they compatible with today’s interconnected environment. Now, as OT and IT systems converge, there is an urgent need to find a balance between ensuring availability and securing themselves against cyberattacks. High availability means that “fail-open” systems, which remain ‘open’ to allow operations to continue even when failure conditions are present, must become mandatory. 

Industrial sectors are beginning to understand that the risks to their OT systems are different to those that can impact their IT systems, but that doesn’t make them any more important. The OT and IT environments are moving closer, with many benefits to organisations, but as they do this, the importance of protecting both to ensure availability whilst combating the risk of cyberattacks becomes ever more essential.

Share This Post

Robert Wakim is the Industrial Offer Manager at Stormshield. He graduated in both Econometrics and Computer Science and has been in the computer industry for more than 10 years. He started as a developer before joining Stormshield in 2011, where he became head of the Research and Development team in Paris.