This website uses cookies primarily for visitor analytics. Certain pages will ask you to fill in contact details to receive additional information. On these pages you have the option of having the site log your details for future visits. Indicating you want the site to remember your details will place a cookie on your device. To view our full cookie policy, please click here. You can also view it at any time by going to our Contact Us page.

Protecting OT technology from cyber breach

02 October 2023

Figures from the Centre for Economics and Business Research (CEBR) and gov.uk estimate the cost to UK businesses of cyber breaches is more than £18bn. From a general manufacturing perspective cyber-attack brings the risk of lost production, theft of intellectual property and the negative impact on brand confidence, as well as potential environmental damage if safety systems are affected.

It is therefore not surprising to find, according to a Make UK report, the threat of cyber-attacks is preventing some 35% of manufacturers from investing in digitalisation.

Despite this, the risk of not investing in digital transformation is enormous, both in terms of potential lost performance and capacity. In the IT space, many food manufacturers have started the journey to improve security through schemes such as Cyber Essentials and, for larger manufacturers, implementation of standards such as ISO 27001. But these standards really do not address the needs of the operational technology space especially around the growth in the importance of data and connectivity within an operational manufacturing plant.

David Bean, Solutions Manager at Mitsubishi Electric, argues that food manufacturers need to do more to protect their operational technology from cyber breach. This includes following the same requirements that owners of safety critical infrastructure must achieve through the Networked Information Systems Directive regulations (NIS-D).

“From an operational technology (OT) perspective, there are now established standards that provide all the stakeholders in a deployed industrial automation system, asset owners, system designers, integrators and the individual product vendors, with tools and guidelines to help them secure an installation against cyber-attack,” he said. “Chief amongst these is IEC 62443, which provides a systematic and practical approach to cyber security for plant OT systems, covering every aspect from initial risk assessment right through to operations. It defines the differing security roles of the key stakeholders, specifying the unique requirements for each security level within the control ecosystem.”

IEC 62443 reinforces the accepted ‘defence in depth’ strategy, defining methodologies for implementing OT cyber security measures and outlining procedures as well as policies that can form the methods, for firstly hindering an attack and secondly recovering from an attack.

“It is notable that IEC 62443 places the onus on the automation equipment supplier to embed protective features within their products to contribute to system design considerations and lifecycle management, as well as respond to any vulnerabilities that may be discovered,” pointed out David. “This is something Mitsubishi Electric takes seriously. Its products have long offered a range of security features that support the development of a robust cyber security strategy. The ‘defence in depth’ approach adopted when advising on the methodologies that should be used to implement secure networks and control systems are closely aligned with IEC 62443.”

Evolving cyber threats in the OT as well as IT space mean that implementing robust cyber security solutions is a vital element of a successful digital transformation strategy and ensures that food manufacturers can boost productivity and enhance their competitiveness.


Contact Details and Archive...

Print this page | E-mail this page