Harting
Harting

Do you want to advertise here? Contact us

LMW
LMW

Do you want to advertise here? Contact us

OEM Update
.

Cybersecurity: The Grey Rhino of the COVID-19 Pandemic

By OEM Update Editorial September 8, 2020 12:25 pm

A holistic approach to industrial security must be enterprise-wide – from the mailroom to the factory floor and executive boardrooms – encompassing every single end-device.

One of the most significant changes brought on by the COVID-19 pandemic has been the sudden shift to telecommuting and the rapid adoption of digitalisation. Previously a concept associated with millennials and tech-startups, working from home and connecting exclusively online has become the new normal seemingly overnight.

While both businesses and individuals have been quick to adapt, their focus has mostly been on maintaining business continuity. Governments and corporations alike are leaning heavily on technology for their primary modes of communication and information sharing. Likewise, the manufacturing sector – especially factories dependent on manually-operated machinery – are now looking for ways to scale up automation to at least enable basic processes to be carried out remotely, in order to limit the number of workers that must be physically present on the factory floor.
However, this heightened integration of and dependency on digital infrastructure has resulted in a greater vulnerability to cyberattacks. For one, there has been the mass migration of sensitive information on unsecure networks – one common example being employees accessing confidential files remotely or on personal laptops. People are also spending more time online for both work and leisure. In the rush to revert to business-as-usual, speed has been prioritised over safety. Coupled with the swift adoption of new technologies, without fully understanding their security parameters, this has given cybercriminals unprecedented opportunity to exploit the myriad of weaknesses exposed. Rogue actors often take advantage of the confusion and uncertainty shrouding a crisis, like the current COVID-19 pandemic, to launch cyberattacks on unsuspecting individuals or organisations.

Cybersecurity is even more complicated and multi-faceted in the industrial, manufacturing, pharmaceutical, and R&D, sectors. Companies in this space face the challenge of merging legacy infrastructure, decades of paperwork-based record-keeping, as well as on-site machinery and information-sharing systems while having to ensure that intellectual property, as well as safety and quality standards, are not compromised.

Weaving a Robust Safety Net
Bringing together the right combination of technology and processes presents its own challenge. Not every organisation has existing employees equipped with the requisite knowledge and skills required to understand not only where the gaps are, but also how to design, deploy and maintain more secure and connected systems. In addition, such systems should be designed and deployed with a comprehensive view of cyber security.

A holistic approach to industrial security must be enterprise-wide – from the mailroom to the factory floor and executive boardrooms – encompassing every single end-device. More important than the technology itself, are the people who embody the organisation; its employees. Risk management must account for all factors: people, processes and technologies. It merges the strengths and capabilities of the IT and operations teams – both of which are indispensable in securing network infrastructures.

Identifying Areas for Improvement
First, a security assessment should be conducted to identify all the current and anticipated risks and vulnerabilities an organisation is and could be exposed to. A thorough assessment will account for software, networks, control systems, site-infrastructure nuances, policies, procedures and even employee behaviours.

The foundation an effective cybersecurity strategy is built on comprises of the following:
• An inventory of authorised and unauthorised devices and software
• Detailed observation and documentation of system performance
• Identification of tolerance thresholds and risk and vulnerability indications
• Prioritisation of each vulnerability based on impact and exploitation potential
• Mitigation techniques required to bring an operation to an acceptable risk state.
The Myth of the Panacea
There is no cure-all security technology or technique that can create a watertight defence system that accounts for every threat. Take a bank for example – it does more than simply lock its doors to protect its cash assets and highly valuable and sensitive data like the personal information of its clientele. In an increasingly interconnected world, all companies should also adopt a multifaceted approach to protect their physical, intellectual, and digital assets.

Defense-in-depth (DiD) security is based on the idea that any one point of protection can and will likely be compromised at some point. Hence, DiD security establishes multiple layers of protection through a combination of physical, electronic and procedural safeguards.

A DiD security approach consists of six main components:
Policies and procedures
• Policies and procedures
• Physical

Advertising

OEM Android App

Your future advertising space? Our media data

Engaging External Expertise
Most companies are already facing headwinds from the global economic downturn. While investing in cybersecurity can feel like an additional burden on strained resources, it plays an almost disproportionately outsized role in mitigating risk, deterring bad actors, and reassuring employees, corporate partners, and shareholders.

Working with cybersecurity experts allows for an objective assessment of your organisation’s vulnerabilities. This forms the foundation of an effective cybersecurity strategy which should be able to integrate seamlessly with legacy infrastructure and account for regulatory restrictions, employee behaviours, and industry-specific risks.

Rockwell Automation has defined five core security principals when developing a control system:
1. Secure network infrastructure
A resilient industrial network security system is essential limiting access to authorised individuals and protecting data against manipulation or theft. With many still working from home, security systems now need to account for the remote connectivity of people, processes, and information. Networks used in large-scale industrial applications can harness cloud technology, data analytics, and mobility tools to optimise systems monitoring.

2. Authentication and policy management
Often overlooked when developing safety controls around user authentication is the need to minimise potential exposure to threats from internal resources. Management user accounts should be integrated with a means of centralised control. Scalable solutions should also be planned to allow for flexible workflows around disconnected environments, guest user access, and temporary privilege escalation before the necessity arises.

3. Content protection
Automation equipment such as controllers often contain sensitive information. Smart industrial systems require a common, secure environment to protect an organisation’s intellectual property while maintaining productivity and quality.

4. Tamper detection
Unwanted activity and modifications within operational systems can be quashed with speedy detection, recording, and a strong coordinated response. Cybersecurity measures to deter and address potential threats include a means to centrally record and track all user actions, regular backups of operating asset configurations and electronic files, as well as a meticulous inventory of all devices on a plant floor.

5. Robustness
Plant machinery, operation systems, and data storage units can be brought together under a single-system architecture that allows for centralised monitoring and reporting. By leveraging Converged Plantwide Ethernet (CPwE), multinational corporations can achieve greater flexibility, visibility, and efficiency required to remain competitive while retaining full control over their digital assets.

A Constant Evolution
Talk of Industry 4.0 began almost a decade ago, but an unexpected impact of the novel coronavirus has been the acceleration of digitalisation for businesses across every country and sector. While innovative technologies such as intelligent automation, Cloud computing, and Machine Learning have been proven to optimise efficiency and reduce overhead costs, organisations must also be ready to deal with the associated risks, namely an interconnected enterprise that is almost entirely housed on a digital network.

Cybersecurity systems and protocols are a crucial component of a successful digital transformation and businesses should seek to continuously review, improve, and upgrade their protective infrastructure accordingly.

(Courtesy – Rockwell Automation)

Cookie Consent

We use cookies to personalize your experience. By continuing to visit this website you agree to our Terms & Conditions, Privacy Policy and Cookie Policy.

Tags: Technology
Webinar
Webinar

Do you want to advertise here? Contact us

OEM Update QR Code
OEM Update QR Code

Events

Clean India Show
Clean India Show
Factory Automation Expo
Factory Automation Expo
India Essen Welding and Cutting Expo
India Essen Welding and Cutting Expo
Logimat India
Logimat India
Metal Forming Expo
Metal Forming Expo

eMagazine November 2024

eMagazine November 2024
eMagazine November 2024

Do you want to advertise here? Contact us

Our Sponsors

DIRAK
DIRAK
Pragati Gears
Pragati Gears
Carl Zeiss India
Carl Zeiss India
STMCNC
STMCNC
Nord
Nord
Messer Cutting
Messer Cutting
Atos Profilo
Atos Profilo
Fronius
Fronius
SCHMALZ
SCHMALZ
Sigma-Weild
Sigma-Weild
Mallcom
Mallcom
igus
igus
DH Secheron Electrodes
DH Secheron Electrodes
Timken India
Timken India
UNP Polyvalves India Pvt Ltd
UNP Polyvalves India Pvt Ltd
ENS Oils & Lubricants
ENS Oils & Lubricants
Super Slides
Super Slides
Autonics
Autonics
Fuel Instruments  Engineers
Fuel Instruments  Engineers
Velvex
Velvex
Universal Orbital
Universal Orbital
Chicago Pneumatic Tools
Chicago Pneumatic Tools
MMC Hardmetal Pvt Ltd
MMC Hardmetal Pvt Ltd
Mennekes
Mennekes
ACD Machines
ACD Machines
TruCut
TruCut
tectyl
tectyl
BKT Tires
BKT Tires
Fibro India
Fibro India
Deceler
Deceler
Balluff
Balluff
Urgo Capital
Urgo Capital
Amsak Cranes
Amsak Cranes
Molygraph
Molygraph
SKS Welding
SKS Welding
pioneer Cranes
pioneer Cranes
Exorint
Exorint
Schmersal India
Schmersal India
Exon mobil
Exon mobil