When information technology meets operational technology: Cybersecurity considerations in a converging industry

Providing valuable insight on cybersecurity concerns for manufacturers, Rockwell Automation and EY experts recently hosted their third Management Perspectives webinar. If you missed the webinar, see the recording online here (available after registration).

As digital technologies increasingly make their way onto the factory floor, the vulnerabilities of operational technology are being exploited as plant managers leave these online devices open to cyber-attack. “Does this sound like your company?” began Gert Thoonen, Business Development Leader Connected Services for Rockwell Automation, opening the third in a successful series of webinars as part of the company’s Management Perspectives programme. “As many as 50% of manufacturers are not implementing appropriate measures to protect their operational technology. They underestimate the risks that these digital devices bring to their production, and should be taking steps to build security into their entire manufacturing ecosystem,” he says. “Every single component in your operation should be considered, as well as your supply chain.”

According to webinar co-host, Axel Hammer, Senior Manager at EY, it is often management mindset that gets in the way. “Investing thousands of dollars in proper cybersecurity can be difficult to quantify for manufacturers, who won’t see any immediate or obvious return on this investment. However, it needs to be thought of in a similar way to insurance. Yes, something may not go wrong, but can you afford the implications if there is a disaster?” Especially in the just-in-time manufacturing sector, just one day of downtime can cost billions, says Hammer, warning that massive financial loss “may not be as far away as you think”.

So, how can the vulnerabilities between IT and OT be protected? According to Thoonen, it’s not just about having the right software and technology in place. “Cybersecurity is not solely an IT problem. It comes down to the behaviour of every operator, third party and subcontractor who interacts with your plant’s systems. Everyone needs to be on board.”

“A security-centric mindset needs to become standard behaviour for all staff,” agrees Hammer. “And it cannot be an ‘added extra’ or an after-thought. It won’t happen with a flip of a switch. A constant, iterative process of employee education and training is necessary.” Both presenters emphasised the lack of IT skills as challenge facing manufacturers, who need to actively provide training to staff to equip them to efficiently identify and respond to cyber threats. “All to often, the immediate reaction is to quickly unplug the effected device. From an IT forensics perspective, this is unhelpful as it inhibits the way we investigate and respond to the attack,” concludes Thoonen.

The Management Perspectives Program is an online community resource designed to inform and inspire managers and executives through a collection of online content and educational materials, with a focus on digital transformation and the Industrial Internet of Things (IIoT). It is free for any interested professionals seeking insight and peer-to-peer dialogue on IIoT, manufacturing and Industry 4.0. Access the Management Perspectives portal for free, online here.