The rapid momentum that Industrial Internet of Things and Industry 4.0 implementations have gained during the recent years has given rise to increased threat of cyber attacks. There is a vacuum between information technology and operations technology that needs to be filled by security mechanisms and best practice to ensure assets are protected against malicious intents.
Engineers are tied to the operations side of the spectrum, focusing on seamless production and automation techniques. Their prime goal is to ensure production, a halt in which could affect the profits and have other adverse impacts. Information technology on the other hand doesn’t worry itself with production targets and is concerned with the networks, data security and firewalls.
Previously, production assets weren’t connected to the internet, eliminating the need for tightened security. The factories of today, however, incorporate all aspects of a business, operational and commercial. Ransomware attacks are one of the biggest threats to Industry 4.0 implementations, essentially locking down productivity and incurring financial losses to the effected company.
The room for these attacks is widened by the lack of concern shown by the industrial sector who are more focused on increasing productivity through IIoT practices. The status quo needs to shift, forcefully or otherwise as there have been rising occurrences of industrial viruses attacking virtually unprotected devices such as PLCs, DCSs, smart sensors, etc. One such virus is Industrover, holding the power to damage industrial control systems. The virus is said to be highly customizable and goes beyond the traditional ransomware standard of extorting money. It is capable of orchestrating nation-state attacks that can disrupt crucial infrastructure pertaining to power, water and heating utility systems.
This makes it clear that industries would have to step-up to bridge the gap between the IT and OT teams, converging both functions and finding a balance between availability and security.
The first step to this is bridging the technical gap between the two functions. Engineers and IT managers would have to be given education on each other’s expertise, bringing them to a same page. Next generation Firewall hardware needs to be adapted that protects industrial equipment similar to how networks have been shielded from external attacks. The solutions would have to be designed in a manner that they can withstand the tough environmental conditions present within the plant floor.
There also needs to be room for safety modes that would allow equipment to function and come to a safe stop in case a malicious entity gets into the system. For instance, IT systems come to a standstill if a firewall crashes but the same would not be viable for critical industry infrastructure. Instead, a pre-defined template would have to be programmed or either hard-coded into equipment to allow them to come to a stable state before shutting down.
All in all, OT and IT teams need to work together rather than in an isolated manner to combat the next-generation risks associated with advancements in technology.