Government and industry warned of cyber-security ‘blind spots’

Operational Technology (OT) networks are increasingly vulnerable to cyber-attacks as a result of ‘blind spots’ brought on by digital transformation and IIoT, according to a report.

Published by Yokogawa UK and titled Industrial Cyber Threats: Processes & Protection for Industrial Control Systems, looks at the vulnerability of OT networks in critical infrastructure and industrial applications, such as utilities and petrochemical plants, energy generation, automated manufacturing, pharmaceutical production, and water networks.

Donal Bourke, Manager New Business & Advanced Solutions at Yokogawa UK & Ireland, says digital transformation and IIoT, while having enormous benefits, if not appropriately designed and managed can simultaneously create an acute danger. He says: “Digitalisation and the adoption of new technologies that facilitate interoperability, information flow and data insight, can create an OT ‘blind spot’ that can be exploited by state-sponsored action or by highly sophisticated lone-wolf hackers. They are increasingly targeting critical infrastructure with attacks that have the potential to disrupt the normal functioning of a society, such as power generation.”

Unlike cyber-attacks on IT systems, attacks on OT networks can have graver implications. Mr Bourke adds: “At one time, industrial environments were considered immune to cyber-attack due to employing techniques such as air-gapping which is the physical isolation of networks. This is no longer the case as digitalisation, which has facilitated the convergence of IT and OT has created a larger threat attack surface for bad actors to gain access to a facility’s integrated control and safety systems. Today’s hackers recognise the vulnerabilities of OT systems and are actively looking for ways to compromise them.”

The report highlights the fact that OT security is in its infancy compared to IT security, despite the magnified risk, and urges government and industry to take a holistic approach.

Mr Bourke adds: “There is no technology magic bullet that will mitigate the cyber security risk of increasing IT and OT convergence, the threat to control systems and human fallibility. The solution lies in taking a more holistic approach that involves awareness training, risk assessments, the development of OT appropriate policies and procedures, and architecting a system which provides an organisation with a comprehensive Cyber Security Management System.

“Keeping one step ahead of hackers is difficult, not least because cyber threats are continually evolving. Regulation, rightly, looks to maintain the pace but has also made OT cyber security a daunting challenge for most organisations. This report simplifies that problem, bringing together all the information necessary to develop an effective OT Cyber Security Management System.

“No system is impregnable, and vulnerabilities will continue to be discovered across the OT domain. Even with generous investment, no plant can completely eliminate its risk exposure. It stands to reason that a holistic approach to cyber-security is the only way to keep pace with the latest generations of malware tailored to industrial control systems.”

Download a copy of  Industrial Cyber Threats: Processes & Protection for Industrial Control Systems to learn more.