This website uses cookies primarily for visitor analytics. Certain pages will ask you to fill in contact details to receive additional information. On these pages you have the option of having the site log your details for future visits. Indicating you want the site to remember your details will place a cookie on your device. To view our full cookie policy, please click here. You can also view it at any time by going to our Contact Us page.

The key to effective cyber security

13 August 2018

Derek Lane, automation manager at WAGO, explains how IT and OT convergence can help protect against cyber threats.

Operational equipment on the plant floor has traditionally been isolated from enterprise IT. In recent years the use of data to control, monitor and optimise processes has necessitated the roll-out of IT into areas that were the exclusive domain of OT. Sensors can be installed even on legacy equipment to remotely monitor the condition of equipment in real time and identify problems before they occur. This requires OT engineers to implement IT measures on the plant floor, while IT engineers must provide solutions that take into account the complexity of plant operations. The downside to rolling out so much IT in a short space of time is that it inevitably carries risks, particularly when it comes to security. Each data point or interface added to a network represents a potential opportunity for systems to be compromised.

With cloud connectivity and the proliferation of smart devices, the line between IT and OT is increasingly being blurred, with each discipline having to consider and consult their counterparts to ensure that security does not adversely affect production, and vice versa. For example, OT engineers may be better placed to identify threats on the plant floor such as open USB ports, or opportunities for physical intrusion. They can also advise as to when the optimum time for installing new software upgrades and security patches might be, taking advantage of planned maintenance periods. IT engineers, meanwhile, can provide advice on applicable cyber security standards, and ensure that OT engineers are kept up to date on best practices.

Silo mentality in IT and OT is a recipe for cyber security disaster. Close collaboration between both departments is essential to ensure that security vulnerabilities are identified on the OT side, and neutralised on the IT side. Cyber security threats can come from multiple sources, which is why a defence-in-depth approach is required. This involves taking a holistic approach to cyber security, identifying and protecting against human, procedural and structural risks as well as technical ones. If one layer is breached, this approach ensures that other layers can still detect, delay or thwart a cyber security attack. Implementing security measures is clearly vital to protect against threats, but these measures also need to be appropriate to the facility. And the more collaboration there is between OT and IT, the easier this is to achieve.

A new white paper from Wago, entitled ‘IT Security in Production Facilities’ sets out the threats to automation systems while also offering tips for implementing effective cyber security for small and medium enterprises (SMEs). This can be downloaded at: https://www.wago.com/digital-future/en


Print this page | E-mail this page