In a world where automation is increasingly connecting multiple plants and leveraging cloud technologies and artificial intelligence (AI), the safeguarding of critical systems is of paramount importance. In a thought-provoking discussion at the Emerson Exchange EMEA 2024 conference in Düsseldorf, Claudio Fayad, vice president of technology for the DeltaV™ Automation Platform at Emerson, spoke with Phil Tonkin, chief of staff at Dragos, on the vital topic of industrial cybersecurity.
An evolving landscape
Tonkin explained that the cybersecurity landscape is evolving rapidly as a result of digital transformation, with today’s industrial organizations demanding ever-greater amounts of actionable data to help them improve operational efficiency, reduce downtime and increase profitability. Generating, gathering and analyzing this wealth of data requires significantly increased levels of connectivity, which in turn introduces new risks and vulnerabilities to industrial operations, making cybersecurity a critical concern.
Tonkin said that cyber activity targeting industrial assets is growing. Traditional cyber threats have come from state adversaries aiming to, for example, disrupt energy supplies within other countries. Now, though, there is a growing trend towards criminal groups using sophisticated techniques and targeted activity to attempt to gain access to industrial operations and hold organizations to ransom. Tonkin said that ransomware is the number one cyber threat in the industrial sector, with attacks increasing by almost 50% year on year.
The more impact these criminal groups can have on a company, the more likely they are to succeed in their aims, Tonkin said, as many businesses simply want to get their operations up and running again as quickly as possible, and will therefore agree to pay a ransom. Sometimes, however, the motivation for a cyber-attack is not financial, and Tonkin highlighted an example of a terrorist attack on a safety-critical system, the purpose of which was to disrupt a chemical process and increase the risk of harm to personnel.
Protection is paramount
Given the increasingly sophisticated nature of cyber-attacks against industrial operations, it is vital for organizations to do as much as they can to protect themselves against such threats. Organizations must also be prepared to respond to and quickly recover from an attack, which is possible without any impact on overall production. Tonkin stressed the importance of raising awareness of the threats and solutions available, as well as engaging partners to create a more robust prevention, response and recovery plan.
It is particularly important that OT cybersecurity strategies gain board-level support, to improve the likelihood that they will be properly resourced. OT security strategies typically begin with hardening the environment, by removing extraneous OT network access points, maintaining strong policy control at IT/OT interface points, and mitigating high-risk vulnerabilities. It is also important to make sure that personnel have the technical skills required to adapt to new vulnerabilities and threats. A successful OT cybersecurity strategy also involves maintaining an inventory of assets, mapping the vulnerabilities of those assets and any mitigation plans, and actively monitoring traffic for potential threats.
AI enters the fray
Fayad concluded the discussion by asking Tonkin about the impact AI is having on industrial cybersecurity. Tonkin said that cyber criminals are using AI to enhance the sophistication and efficacy of their attacks, but that AI is also being adopted by cybersecurity providers, to help them better understand existing threats and identify them earlier. Manufacturers are also rapidly adopting AI-driven technologies to enhance their production processes and improve their bottom line, but this requires external network connections to AI models, which increases vulnerability to cyber-attacks from ransomware groups.
The most effective security control for reducing the risks associated with remote access is multi-factor authentication (MFA), but it is not feasible to implement this in every situation. Dragos recommends that to mitigate the cybersecurity risks associated with implementing industrial AI in manufacturing and production processes, organizations should anonymize sensitive data as much as possible before sending it to AI systems. They should also limit the number of different remote access vendors, products and solutions in an environment; make remote connections available on request rather than always active, and monitor their usage; and make sure that external connections can be rapidly disconnected. By following these recommendations, manufacturers can harness the power of AI while protecting their assets and increasing their long-term security.