The key to effective cyber security

13 August 2018

Derek Lane, automation manager at WAGO, explains how IT and OT convergence can help protect against cyber threats.

Operational equipment on the plant floor has traditionally been isolated from enterprise IT. In recent years the use of data to control, monitor and optimise processes has necessitated the roll-out of IT into areas that were the exclusive domain of OT. Sensors can be installed even on legacy equipment to remotely monitor the condition of equipment in real time and identify problems before they occur. This requires OT engineers to implement IT measures on the plant floor, while IT engineers must provide solutions that take into account the complexity of plant operations. The downside to rolling out so much IT in a short space of time is that it inevitably carries risks, particularly when it comes to security. Each data point or interface added to a network represents a potential opportunity for systems to be compromised.

With cloud connectivity and the proliferation of smart devices, the line between IT and OT is increasingly being blurred, with each discipline having to consider and consult their counterparts to ensure that security does not adversely affect production, and vice versa. For example, OT engineers may be better placed to identify threats on the plant floor such as open USB ports, or opportunities for physical intrusion. They can also advise as to when the optimum time for installing new software upgrades and security patches might be, taking advantage of planned maintenance periods. IT engineers, meanwhile, can provide advice on applicable cyber security standards, and ensure that OT engineers are kept up to date on best practices.

Silo mentality in IT and OT is a recipe for cyber security disaster. Close collaboration between both departments is essential to ensure that security vulnerabilities are identified on the OT side, and neutralised on the IT side. Cyber security threats can come from multiple sources, which is why a defence-in-depth approach is required. This involves taking a holistic approach to cyber security, identifying and protecting against human, procedural and structural risks as well as technical ones. If one layer is breached, this approach ensures that other layers can still detect, delay or thwart a cyber security attack. Implementing security measures is clearly vital to protect against threats, but these measures also need to be appropriate to the facility. And the more collaboration there is between OT and IT, the easier this is to achieve.

A new white paper from Wago, entitled ‘IT Security in Production Facilities’ sets out the threats to automation systems while also offering tips for implementing effective cyber security for small and medium enterprises (SMEs). This can be downloaded at: https://www.wago.com/digital-future/en


Print this page | E-mail this page