Companies are optimising their development, production and logistics processes based on operational and status data. As a result, industrial control systems lose their previously insular position once production machines are networked.
The increased adoption of Internet of Things (IoT) and big data is blurring the lines between information technology (IT) and operational technology (OT) and the increased attack surface results in a heightened risk of cyberattacks, says IT and networking services multinational T-Systems South Africa security specialist sales executive Lukas van der Merwe.
These machines send data to control systems and, in some cases, even communicate over the Internet with devices in other locations. In the case of maintenance work, specialist service staff access machines remotely, either because the specialist resources are not on site or to save on costs.
Companies are able to increase their productivity; however, where the production and office spheres of a company were previously separated, there are now IT links and this gives hackers a gateway, the company explains.
These risks must be mitigated, as digital transformation is here to stay and is driving a greater urgency to bridge the cybersecurity gap between IT and OT, he says.
"Overall, cybersecurity is emerging as one of the top barriers to implementing successful Industry 4.0 strategies among many manufacturing companies. It is proving to be a massive challenge in the manufacturing environment, predominantly owing to the risks posed by devices and systems that are unseen across the IT estate."
Bridging the gap between OT and IT security should never be done by force, or seen as a retrofit, but should be about creating something new, especially in highly bespoke environments, states T-Systems South Africa.
Industrial companies often legitimately fear that IT security solutions in the field of industrial control systems can interfere with production processes, so security providers must adapt their strategy – developed within the world of IT security – for correct use in the OT environment.
"Organisations and service providers need to adopt 'digital empathy' to underpin the deployment of security tools that are empathetic to people’s environments and remove the blockers to productivity that traditionally present themselves. Organisations can empower their people to be part of the journey to improve productivity and build bridges to enable digital transformation," explains Van der Merwe.
Digitalisation initiatives can be enabled with simple and robust solutions from an experienced technology partner to reduce risk from IoT/OT network threats and unmanaged devices. This can be done via a passive approach that has no impact on productivity or the manufacturing technology, he concludes.