Better Security Operational Technology (OT) Systems Needed
Manufacturing processes grinding to a halt. Robots that suddenly build something different or spray the wrong color. It could become a reality if boards of directors don’t pay attention to making their operational technology more secure. The OT Community of Practice (CoP) brings together knowledge and expertise.
Industrial systems such as ICS and SCADA control physical business and production processes. These processes are becoming increasingly digitised and/or connected to the internet for the enormous opportunities involved. Sjoerd Peerlkamp from Secura explains that digitisation can for example improve maintenance, making production lines less likely to shut down. ‘’You can measure the vibrations of an engine and send the data digitally to the technical department. If the vibrations deviate too much from the average, it’s time to quickly replace the motor or to carry out maintenance.’’ Another example that Peerlkamp gives is energy management. ‘’The grid operator can lay extra thick cables to absorb all energy peaks, which is extremely expensive, or ensure that systems are temporarily switched off during peaks with careful measuring and switching. This saves huge investments, but also introduces new cyber risks.’’ Most automation within industrial systems has never considered the associated security. But now that more and more systems are connected to each other and the internet, the associated cyber risks are also increasing sharply.
The digital security of operational technology (OT) is still in its infancy. That’s not surprising, says Peerlkamp. ‘’OT systems last a very long time. They are therefore increasingly provided with online connections. But updating, patching, and securing is complicated. If you shut down an office system for an update, you can always print your report later or postpone your financial transactions for a while. But you don’t completely shut down a factory for an update. That costs a lot of money and involves risks when restarting. Everything is geared towards keeping the machines running, that’s the main priority.‘’ Peerlkamp therefore expects ransomware to be the biggest current threat to OT systems. Production processes are shut down and taken hostage or there is a threat to reset production robots to different settings. The cybercriminal wants you to pay for the ability to restart your own system.
Peerlkamp: ‘’The recovery time of a hacked OT system is many times greater than restoring a backup in the office environment. Semi-finished products can even have solidified while in a pipeline, so they will have to be replaced in the event of an attack. Due to the large losses when a production line is stopped, companies will be more likely to pay and will be willing to pay large sums for it. It is important to anticipate this and to put cybersecurity risks for operational processes high on the agenda of the management and to take appropriate measures as explained in, for example, IEC 62443.’’
Community of Practice
The available countermeasures vary widely. For example, it is possible to create safety zones based on risks and to separate them from each other. In addition, detection of deviating patterns is possible. ‘’OT systems are fairly predictable, so it’s relatively easy to control’’, says Peerlkamp. Just like other risks, cybersecurity risks should also be part of the risk management processes, so that conscious choices are made as to which risks are tackled and which risks are accepted. ‘’In addition, it is interesting to participate in HSD’s Community of Practice OT security.’’ This community consists of various companies and organisations involved in OT. They share knowledge and learn from each other. Peerlkamp: ‘’It is a very valuable community. Several organisations provide practical cases, while others explore, interpret and share new legislation. This way everyone makes a meaningful contribution.
And when a sector is further along than the other, you can learn from each other’s successes. For example, Secura has looked at all OT-related incidents in recent years and has made a trend analysis of techniques that hackers use to enter OT systems. This way others can arm themselves against these incidents. ‘’The community is growing thanks to the active role that HSD plays in this. HSD is now also looking at specific sectors such as horticulture and port companies. For the time being, there is still plenty to do in this area and in the Netherlands.”
Would you like to know more about the Community of Practice? Visit Security Insight. Here you will also find the latest OT Security trends and developments in the form of webinars, events, blogs, podcasts, and reports.