CYBERSECURITY
CYBERSECURITY: AN INDISPENSABLE DIGITAL TRANSFORMATION CO-PILOT

To drive operational efficiencies, improve performance or gain a competitive edge, digital transformation is being adopted in almost every operational technology (OT) environment. This means that, to safely connect plants and sites – irrespective of whether it is an on-premise or off-premise solution – cybersecurity is not optional, says Arun Veeramani.
The attack surface at a manufacturing plant has increased greatly as the number of OT assets that are connected to take advantage of the Industrial Internet of Things (IIoT) grows. Almost every vendor is requesting remote access to the OT assets to provide predictive maintenance, asset performance management or to get data for analytics optimisation. These remote connections turn into potential vulnerabilities that need to be actively managed. These vulnerabilities are even more pronounced when legacy OT systems are not patched, or are so old that there are no patches or updates available. It is, therefore, critical to have a secure remote access solution with capabilities such as strong access controls, multifactor authentication and standardisation across the company, as well as playback of sessions and an ability to audit.
Another challenge

Visibility of processes and assets presents another challenge for manufacturers. Unlike enterprise IT assets, which are refreshed every few years, the assets at a plant can go decades before being refreshed. This means the inventory list of the different assets is only partial and often does not include critical information like firmware versions, software applications and security patches. With so much purpose-built hardware and so many communication protocols, companies that are not able to identify
May 2020
their assets will not be able to protect them. Not so surprisingly, asset discovery and inventory is one of the top needs. With uptime and availability being a priority in the OT environment, the ability to discover assets through passive scanning of the network (passive asset discovery) is needed so as not to potentially interfere with the functioning of the asset. Active asset discovery, though more intrusive because of the selective probing, still plays an important role as it will discover assets that may not be communicating on the network often enough for passive asset discovery to work effectively. Honeywell Forge Cybersecurity Software has both active and passive asset discovery capabilities, so that manufacturers can discover and inventory the assets and better manage the risks.

As companies look at improving their cybersecurity maturity, many think that it takes a back seat to operational uptime and 24/7 critical operations. Small incremental cybersecurity gains over time really add up – performing vulnerability scanning, disabling unused
www.controlengeurope.com
features or updating passwords can be undertaken by marginally extending scheduled downtimes. A best practice to improve cybersecurity performance would be to embed it into the project management operation processes and procedures to ensure it is part of the concept, design and selection of OT assets. Recognising and leveraging all the opportunities during plant operations can go a long way in improving the cybersecurity posture of a company.

One barrier to addressing cybersecurity challenges is the scarcity of cyber talent in the job market. According to ISC2 – an international nonprofit organisation specialising in

Control Engineering Europe