MAR-APR 2018

Issue link:

Contents of this Issue


Page 49 of 57

50 INTECH MARCH/APRIL 2018 WWW.ISA.ORG Securing the IIoT: Collaboration can win the day By Chris Lyden the final say | Views from Automation Leaders ABOUT THE AUTHOR Chris Lyden (americas. marketing@schneider- is senior vice president, strategy, for Schneider Electric's Process Automation business. He is respon- sible for the business unit's strategic plan- ning process; product and technology road map and vision; merg- ers and acquisitions pipeline; and industry applications consulting. their own site security protocols, while maintaining the documented procedures from systems, solutions, and software suppliers. Cybersecurity is a journey, not a destination. More than just technology, it must be accompanied by regular employee training, ongoing risk and threat assessments, firmware updates, maintenance of soft- ware and hardware, and procedure and change con- trol. The old adage "an ounce of protection is worth a pound of cure" could not be more true in prevent- ing cyberattacks. Unfortunately, cybersecurity funding and resources often become available only after an attack. Instead, to address continuous threats, the in- dustry needs to invest now in our people, with better training and education, and in our ICS technologies. Second, we all—suppliers, end users, third-party providers, integrators, standards bodies, and other industry organizations and government agencies— have to come together to put into place stronger unifying standards and practices. From there, we have to be aware of these standards and implement and always adhere to them, regardless of industry or type of facility. Lax adherence to cybersecurity protocols is widespread. Everyone must implement tighter basic cybersecurity controls and practices, but there is also a deeper need for more robust security reviews within all ICS and embedded device systems. Third, we need new levels of collaboration and openness. For true change, industry leaders must commit to transparency that promotes openness across competitive lines. Cybersecurity is not lim- ited to a single company, industry, or region. It is an international threat to public safety that can only be addressed and resolved through collaboration. In the face of increasingly bold attacks perpe- trated by malicious actors with unlimited time and resources, everyone must participate in open con- versations and drive new approaches that allow in- stalled and new technology to combat the highest- level cyberattacks. We must not be paralyzed by fear, but we must not be complacent, either. The time for an indus- trywide initiative to address highest-level attacks is now. The entire industry must collaborate openly to educate and train our workforce, strengthen our technology, and install and adhere to stronger unifying standards. This is the clearest path toward ensuring the safety and security of the world's in- frastructure and the long-term protection of the people, communities, and environment we serve. n J ust as new innovations and technology have helped industrial manufacturers improve oper- ations, advancements in technology have em- boldened a new generation of malicious actors to attempt far more innovative, aggressive, and dan- gerous cybersecurity attacks. Not long ago, industrial information technology (IT) and operational technology (OT) were isolated. The hardware and software systems that monitor and control physical equipment were independent from the computers, systems, and applications that process and store operating and business data. But now the IIoT is transforming how manufactur- ing and process plants control and manage opera- tions. Connectivity, networking, big data, predictive analytics, cloud computing, edge computing, and the like are gaining acceptance. The line between IT and OT is blurring, so connectivity has become both inescapable and necessary. Yet it also widens access points for hackers. Cybersecurity threats come from every direction. Operations networks not built for connectivity are being connected, and security pro- tocols are ignored for the benefit of data access. The threat vector now extends even to base-level as- sets. Attackers can target anything from a connect- ed toaster to a wireless field device. It is a new type of cyberattack for industrial control systems (ICSs), which are increasingly accessible over the Internet. The actors have also changed. Attackers are be- coming more sophisticated. Attack techniques are readily available on the dark web, so low-level cy ber- criminals can access the necessary information for level-4 attacks. Motivations have changed, too; it is not always about money. Notoriety is also prized. And then there are nation-state perpetrators, who have emerged as our most dangerous threat. We are facing a geopolitical climate where mali- cious actors have unlimited resources to carry out cyberattacks. That means industry players need to come together to improve our overall cybersecurity culture and hygiene. But where do we begin? Multipronged approach As an industry, we must take a multipronged ap- proach to security threats. First, vendors have to reinforce their commitments to making products stronger and to educating end users on inherent product cybersecurity features. Organizations need to adhere to security best practices, identify threats, and respond accordingly. They should strengthen

Articles in this issue

Links on this page

Archives of this issue

view archives of InTech - MAR-APR 2018