For some time now, operational technology (OT) has been undergoing constant change, summarised under the collective term Industry 4.0. Production has moved away from the isolated enclaves of the past towards integrated, connected and distributed environments. Connecting machines to the internet, however, brings serious cyber risks alongside benefits such as remote and predictive maintenance, especially where the plant was never designed for this kind of networking and no suitable measures have been taken to secure it.
Production machines have long life cycles, often measured in decades, which makes them vulnerable to cyber attacks: the software they run is frequently out of vendor support, cannot be patched, and cannot be replaced because newer components would break compatibility with the rest of the line. IT/OT convergence is therefore a major hurdle for operational technology. It exposes to attackers weaknesses whose consequences can be fatal, including loss of life. Attackers are no longer limited to physical attack vectors: they can reach machines remotely and, thanks to the increased networking, move further into the network to manipulate processes.
To protect themselves, companies need a clear strategy and the ability to see what is currently happening in their network. Understanding the attack vectors is particularly important. While IT teams already have a certain routine in detecting attacks, there is often no comparable inventory or visibility of the machines and devices used in operational technology.
Because monitoring consumes a lot of time and resources, it makes sense to automate it as far as possible. This is where Security Operations Centres (SOCs) come in. The analysts working in a SOC can draw on methods and tools to detect attacks in the network and to initiate appropriate countermeasures when something looks suspicious.
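To make the two points above concrete, here is an added example, not from the presentation or any product it may discuss, of the simplest automated OT monitoring step a SOC can take: learn an allow-list of which devices talk to which PLCs and with which Modbus/TCP function codes during a known-good window, then flag anything in live traffic that the baseline does not explain. The flow records are constructed for the example; the IP addresses and the assumption that the first window is clean are illustrative. The Modbus function codes (3 = Read Holding Registers, 5/6/15/16 = writes) and port 502 are real protocol values.

```python
from dataclasses import dataclass, field

# Modbus/TCP function codes that change process state (real protocol values).
MODBUS_WRITE_FUNCTIONS = {5, 6, 15, 16}


@dataclass
class Baseline:
    assets: set = field(default_factory=set)          # every host seen in the clean window
    pairs: set = field(default_factory=set)           # (src, dst, dport) tuples seen talking
    functions: dict = field(default_factory=dict)     # pair -> set of function codes used


def learn_baseline(records):
    """Build an allow-list from a traffic window that is assumed to be known-good."""
    baseline = Baseline()
    for r in records:
        key = (r["src"], r["dst"], r["dport"])
        baseline.assets.update((r["src"], r["dst"]))
        baseline.pairs.add(key)
        baseline.functions.setdefault(key, set()).add(r["func"])
    return baseline


def detect(baseline, records):
    """Return alerts for live records the baseline does not explain.

    Alert kinds: new-asset (unknown device), new-flow (known devices, unseen
    conversation), new-function (known flow, unseen read-type code) and
    unexpected-write (known flow that never wrote now issues a write).
    """
    alerts = []
    reported_assets = set()
    for r in records:
        key = (r["src"], r["dst"], r["dport"])
        for host in (r["src"], r["dst"]):
            if host not in baseline.assets and host not in reported_assets:
                reported_assets.add(host)  # report each unknown device once
                alerts.append({"kind": "new-asset", "ts": r["ts"], "detail": host})
        if key not in baseline.pairs:
            alerts.append({"kind": "new-flow", "ts": r["ts"], "detail": key})
        elif r["func"] not in baseline.functions[key]:
            kind = "unexpected-write" if r["func"] in MODBUS_WRITE_FUNCTIONS else "new-function"
            alerts.append({"kind": kind, "ts": r["ts"], "detail": (key, r["func"])})
    return alerts


def sample_alerts():
    """Run the detector over constructed sample traffic (assumed hosts and addresses)."""
    hmi, ews, plc1, plc2 = "10.0.10.5", "10.0.10.7", "10.0.20.11", "10.0.20.12"
    # Known-good window: HMI polls both PLCs, engineering workstation writes to PLC1.
    clean = [
        {"ts": "08:00:01", "src": hmi, "dst": plc1, "dport": 502, "func": 3},
        {"ts": "08:00:02", "src": ews, "dst": plc1, "dport": 502, "func": 16},
        {"ts": "08:00:03", "src": hmi, "dst": plc2, "dport": 502, "func": 3},
    ]
    # Live window: one normal poll, then three deviations worth an analyst's attention.
    live = [
        {"ts": "09:15:00", "src": hmi, "dst": plc1, "dport": 502, "func": 3},
        {"ts": "09:15:04", "src": hmi, "dst": plc1, "dport": 502, "func": 16},
        {"ts": "09:15:09", "src": "10.0.10.99", "dst": plc1, "dport": 502, "func": 16},
        {"ts": "09:15:12", "src": ews, "dst": plc2, "dport": 502, "func": 16},
    ]
    return detect(learn_baseline(clean), live)


if __name__ == "__main__":
    for alert in sample_alerts():
        print(alert["ts"], alert["kind"], alert["detail"])
```

The value of the write-versus-read distinction is that a read from an unexpected source is a visibility problem, while a write from a device that never wrote before is a potential process manipulation and should be triaged first. In a real plant the clean window must be validated against the asset owner's knowledge rather than trusted blindly, and the baseline needs a controlled update path for legitimate changes such as a new engineering workstation.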
This presentation by Konrad Czyzewski illustrates how important it is to take an in-depth look at the security of operational technology, to create synergies with IT security practices, and to invest in security.