Recent global events have precipitated fresh concerns about potential cybersecurity breaches of critical infrastructure. While advanced cybersecurity measures are more important than ever, businesses can use them to pivot towards a more productive and efficient digital strategy.
As energy, infrastructure and mining firms are looking closely at their cybersecurity operations, one expert says that it is an important time to safeguard their operational technology (OT) cybersecurity.
Anand Makhija, Technical Manager at Hexagon, said that OT cybersecurity is far more comprehensive than simple anti-malware systems which protect networks and emails.
“We’re talking about the technology on the automation systems that keeps refineries, chemical plants, mining operations, and water systems running,” he says.
“Whether it’s a distributed control system or a programmable logic controller, cyber security for operational technology ensures that these systems are secure. The basic foundation of running plants comes down to such operations systems.”
Typical cybersecurity focuses on computers and similar technology, OT cybersecurity is about protecting all of your assets – piping, instruments, hardware, personnel and more. It’s not limited to preventing attacks, but how long it takes to recover (for more on this, read how a multi-national leader in oil and gas fast tracked its recovery after a natural disaster).
It is wise to invest in IT cybersecurity, but it is equally critical to evaluate and invest in best practices for protecting OT.
Considering the ‘big three’ threats
A 2020 survey by Hexagon found that human error, nation states, and digital transformation topped the list of OT cybersecurity threats.
“Human error often looks like an engineer making a change to an OT system that affects another operation within the plant,” says Makhija.
“When it comes to nation states, it’s very easy for a country to put significant resources into cyber warfare to damage critical infrastructure such as a water treatment plant.”
Finally, industries looking to utilise rich data from their complex operational systems are opening themselves up to new cybersecurity risks.
“Businesses are adding more and more applications to get this data from OT systems and use artificial intelligence, machine learning, and predictive monitoring tools to ensure they’re maximising their operations,” says Makhija.
“As a result, trying to get data from the production systems to the business layer leaves these systems open to certain vulnerabilities.”
Such discussions – about how advancing technology and automation will shape our futures – will be encountered and debated at HxGN LIVE 2022, Hexagon’s flagship digital reality solutions conference (virtual registration is open now).
Taking stock
Makhija says that businesses wanting to safeguard their critical infrastructure and industrial control systems against these types of threats should start with a holistic risk overview.
“All of the major international standards for cybersecurity frameworks recommend starting with a solution that gives them an inventory of their operational technologies,” he says.
“It is a very manual and cumbersome process just to understand what are the risks and vulnerabilities that exist within their systems.”
Paul Thornberry, Industry Consultant at Hexagon , says that the increase in outsourcing maintenance over the last 25 years has created a new layer of security and efficiency risks.
“If you don’t have the right kind of digitalisation to manage that outsourcing, it winds up costing you more money in the end. We’re seeing more and more instances of hackers trying to get in through those outsourced databases.”
A broader digital journey
Implementing an OT cybersecurity solution doesn’t have to be at odds with a transformative digital vision. Indeed, it should be in harmony with it. A good example is how PETRONAS Upstream improved its operational performance and security across 37 facilities in Malaysia through digital transformation and collaboration (see case study here).
Thornberry says that with many in the infrastructure and energy sector still lagging behind when it comes to productivity and modernisation, an OT cybersecurity upgrade is the first step on the road to an autonomous future.
“In this day and age, we’re still seeing many plant engineers working with paper-based tools, Excel spreadsheets, and basic in-house solutions,” he said.
“As a result of that, control room operators are often looking at four or five sources of information. In an operational environment, you need to be able to get a one-screen snapshot of the entire plant. Improving efficiency starts here.”
Thornberry says that by leveraging enterprise systems, businesses can truly start unlocking the potential of their data.
“These days, getting the data isn’t the hard part – it’s finding the platform that knows what to do with it.”
To find out more about how Hexagon can help the operation of critical assets and infrastructure – by reducing risks, improving safety and making it simple for managers to make more informed decisions with your data – check out this expert guide on Protecting OT Environments Against Cyber Attacks or contact Hexagon to talk to the Asset Lifecycle Intelligence team.