This website uses cookies primarily for visitor analytics. Certain pages will ask you to fill in contact details to receive additional information. On these pages you have the option of having the site log your details for future visits. Indicating you want the site to remember your details will place a cookie on your device. To view our full cookie policy, please click here. You can also view it at any time by going to our Contact Us page.

Finding common ground in IT and OT convergence to reduce security risks

07 January 2018

The interconnection of information technology (IT) and operational technology (OT) is a source of new opportunities and challenges. With increasingly automated and robotic supply chains, manufacturing is becoming more connected, but this exposure to external data flows inevitably leads to new risks, says Robert Wakim

One of the biggest challenges facing the food industry is to understand the level of risk and the impact that cyber security attacks can have, particularly as the transition to Industry 4.0 gathers speed.

Over the last two years, Stormshield has worked closely with Schneider Electric in a joint effort to respond to these industrial security issues. We understand network, workstation and server protection, while Schneider Electric understands OT.

What has been interesting is the realisation that there is a gulf between the priorities of food manufacturing engineers and the priorities of security and IT teams. For the engineers, the focus is on availability. Production must continue because any interruption could result in production losses and waste. Production must also be safe because engines, motors and processors carry a physical risk to operators. IT, on the other hand is not unduly worried about availability, but a computer network security breach could wipe out essential data and has the potential to let hackers gain access to control systems.

The joint project revealed that many manufacturing enterprises believe their production processes are unconnected to the Internet, or haven’t considered that there was even an Internet connection in the factory.

This was illustrated recently by a post from an engineer detailing how a problem arose in his control room. The local control system went down, the computers showed an error which resembled a ransomware attack, and it was only when a colleague went to make a coffee, that they realised the same error message was showing on the Internet-connected coffee machine. Instead of being solely connected to an isolated wi-fi connection, the machine had mistakenly been connected to the internal control room network.

The fact is that the gap between the factory and the Internet has become small, even non-existent, and with the growth of IoT connected devices, cyber security risks are escalating. For most engineering firms, however, the focus remains firmly on designing sophisticated systems that are robust and safe, and this is having a detrimental effect on securing networks.

How high is the risk??
In many ways, the lack of real concern in the food processing sector is understandable. Working with Schneider Electric, we realised that the technology used in manufacturing enterprises is rarely standard is highly complex, and often unique. This would mean that a malicious attack on industrial processes would have to be very specific in order to do harm.

But the status quo is about to change. A new virus, Industroyer, recently came to light and reports have indicated that it has the power to seriously damage or compromise industrial control systems. This virus can speak four industrial languages and is highly customisable, and the likelihood is that it would be used in targeted attacks. To what end? If not to extort money from individuals, then more likely to create attacks that disrupt vital infrastructure.

For all their robustness, industrial operational systems are not safe from attack, nor are they compatible with today’s interconnected environment. Now, as OT and IT systems converge, there is a need to find a balance between ensuring availability and securing themselves against cyberattacks.

Changing mindsets
?Observing industry, we have seen that change has to happen between departments and people before any change can be made to technology. Engineers literally speak a different language to IT managers, and they need to agree a common approach and strategy.

This becomes more important every day. The influence of Industry 4.0 on automation is bringing about huge changes and greater adoption of cloud and cognitive computing. With this comes a need for massive computer resources to support the flow of data to and from the cloud via IoT connected devices. In adopting Industry 4.0, food factories will be communicating in real-time across networks and that means they need to be secure.

Standard firewalls and security software are not enough. The project with Schneider showed that, when challenged, existing solutions lacked the necessary characteristics to be effective in industrial environments. So, as well as working harmoniously alongside industrial hardware, next-generation firewall hardware needed to be built to adapt to the industry prerequisite such as DIN rail mounts.

These solutions would be ‘hardened’ and ruggedised according to key criteria including temperature, dust and humidity. In order to provide the same level of security, the firmware would be the same as other firewalls, but include specific industrial protocols. And, in addition, they would be sensitive to the need for safety. Ordinarily, in an IT setting, if a firewall crashes, the network stops functioning. In an industrial setting, however, safety modes enable a packet to go through regardless of whether there is power, because for OT systems, availability and safety are the priorities and the factory has to be stopped in a safe position.

A key finding from this joint project was that compromise is the way forward. Both OT and IT need to work together to combat the risks, regardless of what those risks are. The threat to the new generation of manufacturing enterprise does not come from within if appropriate consideration is given to safety, availability and security.

Robert Wakim is the industrial offer manager at security solutions company, Stormshield.

Contact Details and Archive...

Print this page | E-mail this page


Article image What role does refrigeration play in the supply chain?

Controlling the temperature of food across the whole supply chain is vital to extend shelf life. But how much can be gained by food manufacturers through careful monitoring at all process stages?Full Story...

Article image A recipe for continuous improvement success

Suzanne Gill reports on the important role that continuous improvement has to play in ensuring food processes remain profitable in an ever more competitive environment. Full Story...

How to deliver assured air quality for production sensitive sites

Hygienic drainage for food safety

Owning your hygiene culture