Balancing Innovation and Security in Industrial Systems

Targeted OT attacks pose a significant concern in industrial operations. Picture: Getty Images
CGI’s Willem Jan de Graaff explains how companies can protect their operational technology from cyber threats while embracing digital transformation

The cybersecurity landscape for industrial systems is evolving rapidly. While most cyber attacks remain IT-focused, they are increasingly impacting operational technology (OT) environments due to inadequate network separation and too many exposed vulnerabilities.

According to Willem Jan de Graaff, Director of Consulting Services at CGI, targeted OT attacks pose a significant concern. 

"What’s scary is that these targeted OT cybersecurity attacks are typically executed by people who really know what they're doing," he explains.

Unlike IT attacks that aim to steal data, industrial cyber attacks focus on disruption. This can have serious consequences for companies, the environment and personnel safety.


Corporate and operational responsibilities

A major challenge is governance, the separation of responsibilities between corporate IT and operational teams. 

Corporate cybersecurity functions typically concentrate on application landscapes, offices and cloud services, often stopping where factory domains begin.

"Cybersecurity is typically a corporate function," says Willem. "When we speak to operational managers, their primary objective is to be able to ensure availability and productivity. They often perceive security to be a hindrance to performing their operational priorities."

This divide creates a dangerous gap in security coverage. One team focuses on operations but not security, while the other focuses on security but not operations.

The dynamics are changing, however, as Willem notes: "With the new legislation coming up in Europe, the NIS2 directive, that is really putting pressure on companies to demonstrate that they're in control of their cybersecurity across both IT and OT."

Willem Jan de Graaff, Director of Consulting Services at CGI

Legacy systems and patching challenges

Industrial environments face unique security challenges compared to IT systems. IT vulnerabilities are typically addressed through regular, often mandatory, patching.

"That kind of forced patching is impossible in operations because if you force updates, you don't know what production process you're disrupting," highlights Willem.

Many industrial systems are decades old, with patches no longer available, and such legacy systems require different protection strategies.

Willem advocates for companies to develop thoughtful patching strategies despite concerns about downtime: "You might argue, 'we cannot afford downtime,' but then can you afford downtime because of a cyber incident? That's even worse because it'll take longer and it'll cost more."

Building a robust security culture

Creating awareness around cybersecurity in factory environments may require a different approach than in office settings. Willem suggests leveraging existing safety protocols as a model.

CGI advocates drawing parallels between safety and security in training. Picture: Getty Images

"Safety is something that everybody understands in a factory because typically what you're doing is a dangerous process," he continues. "You can train your factory staff using mandatory videos in the same style as the safety training."

By drawing parallels between safety and security, companies can help operational staff understand that security breaches can lead to similar incidents as safety breaches.

It must be emphasised, however, that organisations shouldn't avoid innovation due to security concerns. Instead, they should aim to implement new technologies securely.

"If you're able to innovate, you can become more competitive," Willem goes on. "So, you need to embrace it, but you need to find a way to be in control."

While investing in cybersecurity is often looked at as an investment with no return, Willem points out that such investments can enable companies to confidently embrace new technologies. 

CGI’s Willem Jan de Graaff says firms can protect their OT from cyber threats while embracing digital transformation. Picture: Getty Images

Remote access considerations

The COVID-19 pandemic dramatically increased demand for remote access to industrial systems, a trend that created new security challenges that must be addressed.

"Remote access needs to be secure," Willem stresses. "How do you control who is accessing your network, for what reason, for how long and what data are they allowed to extract?"

Remote maintenance can be a major cost saving, but Willem argues that companies have to understand how they interact with others in their supply chain, something that is also demanded under the NIS2 directive.

The role of AI

Clearly, artificial intelligence is transforming both offensive and defensive cybersecurity strategies. 

While attackers are using AI to create more sophisticated phishing attempts and deepfakes, it can be harnessed to strengthen resilience mechanisms.

"You can also deploy AI on the defensive side to be better prepared, anticipate attacks and catch abnormal behaviour that the human eye may not notice," says Willem. 

AI is transforming both offensive and defensive cybersecurity strategies. Picture: Getty Images

However, when designing a cybersecurity programme, the importance of conducting thorough risk assessments rather than hastily implementing solutions cannot be overstated.

He concludes: "If you haven't done any kind of proper risk assessment, you don't know whether you are addressing the biggest risk or the risk that is having the biggest impact."

A unified approach to security

The convergence of IT and OT security requires a unified approach that bridges the gap between corporate and operational responsibilities.

As industrial systems face increasingly sophisticated threats, organisations must prioritise comprehensive risk assessments and develop security strategies that account for the unique challenges of operational environments. 

By embracing cybersecurity as an enabler rather than a hindrance, companies can confidently innovate while protecting their critical infrastructure from potentially devastating attacks.

