Securing industrial infrastructure in a digital world

With digitalization gaining rapid pace, the battle to keep cyber-attacks at bay is a never-ending one. The threats are all-pervasive and dynamic. The stakes too high to be taken lightly. In their bid to gain efficiency and optimum production levels, industries have shown keenness to adopt the latest innovations including 5G, the Internet of Things (IoT) and automation but what weighs heavily on their minds is the aspect of security.

Until now the operational technology (OT), which broadly refers to the industrial networks and systems that monitor and control complex physical processes, offered safety and reliability to crucial sectors including power grids, mines and railways. The latest advancements in connectivity has significant business benefits. However, the overarching concern among operators is whether digital transformation will make their systems more vulnerable to online threats.

Traditional OT systems have historically been “air gapped” - fully isolated from the public internet or any other less reliable network - and backed by a robust defensive architecture comprising of key cards and other physical barriers regulating access to consoles and terminals. That protection is gradually getting degraded. OTs are now getting connected with the information technology (IT) systems. The interlock helps in boosting productivity and implementing predictive maintenance capabilities. The downside is that it compromises the air gap and increases the chances of cyber-attacks.

Once an OT system is breached, hackers can make unauthorized changes to configurations or send wrong information to operators, disrupting workflows or disabling equipment. The repercussions of such acts can trigger serious environmental and economic consequences and even put lives in danger. “The more interconnected you get, the greater the risk an attacker can get in,” says Holly Grace Williams, founder of cybersecurity testing company Akimbo Core.  

“I’ve been able to access OT via the internet several times, finding my way through vulnerabilities in perimeter devices or published services like email servers and then pivoting into the OT network,” she adds.  

So, how can critical infrastructure operators open themselves up to the internet in a secure way? Read the full article here to learn how the seamless merger of OT and IT can shrink the threat surface and allow businesses to expand.