Industrial Cybersecurity: Beyond IT
21 February, 2020 | Blog
According to an article published on the Canada News website, “Cybersecurity: Canadian businesses don’t feel the urge to act”, nearly half of Canadian companies have not seen fit to strengthen their IT security in 2019.
However, this article refers only to information technology (IT) security, an area where practices are much more advanced than those of operational technology (OT), which is still in its infancy in terms of industrial security.
What is industrial security?
Industrial security includes the following three components:
- Physical security to protect and control access to critical assets.
- Cybersecurity of electronic assets, including industrial control systems (ICS), to ensure they function properly.
- Human security to ensure people’s loyalty and integrity, whether personnel, suppliers of goods and services, or contractors.
How do IT and OT differ?
First, it is important to explain the fundamental differences between IT and OT—a subject that many people, including decision-makers, have yet to fully understand.
IT only manages data. Some types of data are more important or sensitive than others, depending on their classification level. For example, personal data is considered confidential to protect against identity theft and fraud.
OT is completely different. It manages physical processes such as electrical grids and critical infrastructure, including power systems, drinking water supplies, wastewater treatment, transportation, telecommunications, lighting systems, industrial manufacturing processes, logistics, supply chains and more.
OT is therefore often associated with ICS, including programmable logic controllers, distributed control systems, motor controls, robot cells, human-machine interfaces and other smart devices.
The challenge with industrial security is to ensure that OT and ICS function properly and that their integrity, reliability and data confidentiality are protected.
Why are these technologies at risk?
The rise of Industry 4.0 presents increasing challenges in terms of digitalization, connectivity and IT convergence with OT. This process has led to increased vulnerability, which can be exploited by malicious individuals and prevent certain systems from functioning. It can also lead to unwanted physical occurrences such as uncontrollable movements, explosions, fires, mechanical failures, short circuits with arc flash, spills, leaks and exhaust that can affect the integrity of physical assets, people and the environment.
The solutions to protect against these industrial risks are not only related to technology; administrative measures—policies, frameworks, procedures and processes—must also be adopted, as well as people-oriented measures, such as staff awareness and training, and hiring industrial security officers.
Choose the right strategy
First, it is important to determine where your business stands with respect to industrial security and to identify the potential risks involved. Then, you must set up strategies to meet your needs and prioritize activities that need to be carried out. Finally, you must implement the necessary protective measures to ensure optimal risk management and reduce risks to an acceptable level for executive management. BBA’s cybersecurity team can help you face these challenges. For more information, contact our experts.