In my line of work, I regularly speak with CSOs and CTOs to understand the challenges causing them sleepless nights – and it’s not trade wars or COVID-19. It’s OT security, which is the only defence against the recent epidemic of unrelenting and irreparable ransomware attacks.
Progressive manufacturers are eagerly adopting smart factory technologies and leveraging the interconnecting capabilities of IoT, to drive efficiency, improve product quality and keep up with customer demands – at the same time as reducing costs and downtime.
But with this connectivity comes a wave of added exposure to cyberattacks. And it’s for this reason that accelerating the journey to more mature OT security now sits at the top of almost every manufacturer’s business agenda.
OT security isn’t just a case of keeping your factory open and enhancing efficiency, it’s protecting your product, safeguarding share prices and avoiding potentially crippling financial and reputational damage.
But more than that, it can quite literally be the difference between life or death.
Protecting people and the planet
OT (operational technology) is the equipment that runs your manufacturing plant. In today’s digital factory, IoT is connecting this equipment and allowing machines to effectively communicate with one another to revolutionize and automate the manufacturing process.
But what we’re now seeing, especially in the wake of increased remote working, is more people – and more devices – connecting manufacturing equipment to unsecure networks, which increases the attack surface and exposes manufacturers to a neverending stream of cybersecurity threats.
Cyberattackers are gleefully rubbing their hands at this prospect, and are almost spoilt for choice when it comes to choosing what device to compromise. But what’s worse, ransomware attacks have moved beyond simply shutting down operations and demanding a fee to give you back control, which is damaging enough at the best of times. Instead, they’re compromising networks and then patiently waiting for the optimum time to strike.
Perhaps worse still, attacks are becoming more sophisticated and bad actors are realising that changing the metric has much bigger consequences and reputational impact. For example, if you’re making a widget and it’s 13mm, if this is expanded by 0.5mm without your knowledge, you’ve got a significant product issue that’s going straight out the door.
The financial and reputational costs of this can be catastrophic when you have to potentially recall millions of products. But that’s nothing compared to the health and safety implications, if said widget was to make its way into a car or aeroplane.
In the case of chemical factories, we’ve also seen rogue agents locking workers inside and threatening to cause chemical leaks. Similarly, there’s been instances of criminals opening dams and flooding villages in developing countries, which only begins to scratch the surface of the potential environmental damage and threats to human life these ransomware attacks can bring.
And it’s an impossible situation to deal with – do you pay up, knowing they’re likely to attack again? Do you go public, almost certainly at the cost of plummeting shares and irreparable reputational damage?
Clearly, this is a critical problem that must be quelled. So, why hasn’t it been already?
Improving the OT/IT relationship
Historically, IT and OT departments within manufacturing organizations could function fairly independently. OT kept the factory running smoothly, while IT managed business applications from the front office.
But this siloed way of working, combined with longstanding clashes on everything from costs to how best to address security incidents, has done little to breed trust and collaboration between the two teams.
Ultimately, IT brings a deep understanding of cybersecurity, managing implementation and ensuring compliance. But to make security work, OT must have a seat at the table to determine when to deploy updates and to evaluate any potential production system impact.
As we know, the world of manufacturing is changing at breakneck speed. So, to keep up, IT/OT relationships must change with it. Failure to do so only plays into the hands of bad actors, who are all too aware of this division as a glaring chink in your armour.
As a fellow manufacturer, we understand the threats your organization is facing – because we’ve faced them ourselves. Our advice? Evaluate and invest in an OT maturity solution that is designed to fit the needs of your manufacturing ecosystem.
Bad actors unfortunately don’t take days off, which is why we’re leading the fight against cyberattackers. As one of the world’s only global manufacturers that has the capacity to create our own OT maturity solutions, we really understand the threat landscape.
Find out more about the role OT maturity can play in keeping your factory safe from cyberattacks here.