Evolve to stay secure
Convergent evolution is the process by which organisms with different ancestry evolve similar features. One example is that insects, birds and bats can all fly — each having independently evolved the skill to deal with environmental pressures.
Until recently, there was a clear division between information technology (IT) and operational technology (OT), so the two were controlled by separate teams with completely different skillsets. However, there is now the need for a new breed of IT/OT professionals, who can bridge the gap and enable secure IT and OT convergence.
At a basic level, IT is responsible for the creation, transmission, storage and securing of data. On the other hand, OT is focussed on establishing and maintaining control processes with physical impact, such as those that take place on the factory floor and in production environments. Because manufacturers are now competing in a digital marketplace, IT and OT are converging. Several industries have already begun integrating IT systems and operational technology by deploying new Industrial Internet of Things (IIoT) devices such as smart meters, automated asset distribution systems and self-monitoring transformers.
The main reason why we now need dedicated IT/OT professionals is to manage the new security risks that convergence enables. A cyber-attack, made possible through access to IT systems, could result in devastating physical consequences if it reaches an industrial control system (ICS) or a supervisory control and data acquisition (SCADA) system. Once they have access, hackers could control valves, gauges and switches in a live production environment. This is not just a risk to production, but also human life.
Keeping data secure
IN CIRA’s cyber security survey, 40 per cent of organisations reported a lack of security expertise in their business. This isn’t just down to the growing cyber security skills gap facing the entire IT industry, but also that even knowledgeable security experts have little experience in OT environments. This lack of expertise is partly to blame for 90 per cent of organisations with connected IT and OT infrastructure experiencing a security breach in their SCADA or ICS architectures, with more than half of those occurring in the last twelve months. Given the types of industrial systems that are coming online, such as utilities, aviation and automotive manufacturing, ensuring the privacy of transmitted data is crucial.
To progress, the manufacturing industry needs to actively recruit for individuals that possess the skills required to manage both IT and OT technologies — those that are as comfortable working with servers as they are with machine tools. Having a broad overview is likely to mean they understand the value of the data their systems are producing, therefore making data protection their top priority. Once a manufacturer has found a small selection of people with both skillsets, they have the means to cascade this knowledge down to the rest of the team.
Because of environmental pressures, birds, bats and insects all independently evolved the ability to fly. Now, both IT and OT professionals must converge their skill sets to meet new requirements. By taking a combined IT/OT approach, manufacturers can remain competitive, while keeping cyber-security a top priority.