Industrial operations in serious need of improved cybersecurity: ABI
Source: John Liu
The arrival of Industry 4.0 and the Industrial Internet of Things (IIoT) has opened the floodgates to serious cybersecurity risks, threatening to cause billions of dollars in damage to industrial operations worldwide, ABI Research says in a recent report.
Despite the imminent danger, investment to beef up cybersecurity for industrial control systems (ICS) is in short supply, ABI said. This may impact multiple verticals including manufacturing, oil and gas, critical infrastructure and nuclear power.
are expected to find their way into traditionally sheltered industrial networks, wreaking havoc on severely underprepared systems. “The cybersecurity threats faced in ICS are unlike any other,” warned Dimitrios Pavlakis, Industry Analyst for ABI Research.
“ICS are, quite literally, powering the world’s leading and most critical industries,” Pavlakis said. “A well-placed cyberattack can cause human casualties, billions in infrastructure damage, and even bring certain operations of a country’s critical infrastructure to a grinding halt.”
Social engineering, or the use of deception to manipulate individuals into divulging confidential or personal information, used in combination with numerous cyber-attacks in the past, has proved that “digitized industrial systems are not only quite vulnerable but also a very attractive target for cyber-attackers,” ABI says.
IT vs. OT issue
At the root of this security problem is the juxtaposition of information technology (IT) and operational technology (OT), according to ABI.
“Industrial cybersecurity strategies need a radical rethink and should be built from the OT ground up to address the evolving threat landscape,” Pavlakis said.
The practice of customizing IT security before placing it into an OT environment is not the answer. This is an example that indicates the inherent confusion regarding ICS security, Pavlakis noted.
The same security procedures, protocols, network/user/device protection and ID management that make sense in corporate IT environments cannot be applied to industrial ones, ABI said.
Doing so will not only exacerbate the “IT vs. OT” issue, but also hinder security operations as well as integration of security products with ICS equipment, ABI added.
Vendors attempt to address the issue
“There has been increased movement by both leading vendors and start-ups” to address the ICS security challenge, ABI said. Industry giants in the OT space like Siemens, Schneider Electric, Honeywell and ABB are making great improvements in digital security in their own lines of industrial equipment.
Among other leading vendors, Forescout is tackling issues holistically, Sierra Wireless is offering application-specific solutions and Phoenix Contact is enhancing ICS components.
Finally, start-ups like Dragos, Xage Security, Sentryo, CyberX Labs, SCADAfence and Veracity Industrial Networks are focusing on network visibility, OT asset management, interoperability and integration with IT security products - with a key emphasis on security information and event management integration, according to ABI.
Among the building blocks for developing an ICS cybersecurity strategy are increasing security infrastructure investment without hindering industrial operational objectives; managing the IT-OT convergence in a streamlined approach; developing new KPIs for cybersecurity operations; and tending to the rising concerns from AI-borne cyber threats, Pavlakis noted.