In a few months, we connect with experts from Fortinet to explore working in a world full of cyber-threats during the webinar "Keeping Safe & Keeping Production Running In The Age Of Cyber-threats."
Today we preview that presentation, chatting with Fortinet's Carlos-Raul Sanchez, technologist, and Matthew Britter, director of operational technology, about how digital tools and techniques are changing the modern cybersecurity landscape. Take a look…
Smart Industry: Big picture question—how are our digital-first approaches changing the approach to cybersecurity in manufacturing?
Carlos: It's the volume of data available. And there are traffic increases commensurate with the added capabilities of modern devices. The supply chain is directly affected where just-in-time manufacturing of goods is applied to gain efficiencies and business leaders want goods to spend less time in warehouses. This method of manufacturing and inventory requires accurate data. Compromised cybersecurity will not only affect those targets, but the entire supply chain.
Matt: Industry 4.0's desire to increase the use of real-time, actionable decision-making using real-time data accelerates the IT/OT convergence. This means as production gets end-to-end connectivity (enterprise to plant to cloud), so should your cybersecurity view.
Smart Industry: Does the awareness of the need for modern cybersecurity approaches match the response among industrial decision makers?
Carlos: Decision-makers are aware of the need to protect manufacturing facilities, however implementation in a running environment presents financial and logistic challenges. The decision to implement cybersecurity methods should, of course, consider the risks to the business. Decision-makers have to weigh the cost of not protecting the environment and if non-action causes an unsafe environment. A risk assessment is critical.
Matt: Awareness is high, but adoption and implementation are moving at rate to not disrupt production. Manufactures need to balance physical safety and production against adding cyber-complexity. I agree with Carlos—insight on phased approaches is needed. The roadmap starts with the current state assessment, then the creation of the team of advisors, all leading to a realistic end goal.
Smart Industry: What unique security challenges are posed when marring legacy and new assets?
Carlos: Divorce! Most legacy devices were designed to perform a specific function. In most cases security was not a consideration during the design process. Identifying the capabilities and vulnerabilities of legacy devices is a challenge. One possible course of action is to virtually segregate legacy devices and perform packet examination of the data payloads to determine how to protect them.
Matt: Visibility to traffic and proper segmentation is the "moat and castle" for legacy assets to exist in the modern plant. As the legacy assets stay in the automation mix, patching, data mining, and modern communication become long-term liabilities. The workforce is already taxed with lack of resources to keep demand in check. Add to that a desire to have an Industry 4.0 initiative and you may not have resources that have that wide knowledge. Companies need to understand the risk profile you are creating and have plans for recovery of the production environment when problems arise.
Smart Industry: Let’s consider the positive side here…what most excites you about the near future of cybersecurity in the coming years?
Carlos: The manufacturing industry is recognizing the need to implement cybersecurity measures as a means to ensure safety, increase efficiency and lay the foundation to future technologies. Manufacturers are embracing automated responses to maintain production. I believe that as companies mature, their cyber-practice will move toward automated responses and this will collapse multiple functions into single platforms.
Matt: AI and built-in security. AI and machine-level learning will spread into everything from condition-based maintenance to machine diagnosis. Automated responses will help ease workfplace challenges such as aging workforces, lack of skilled labor, supply chain instability, cyber-events, etc. Embracing this level of automated decision-making will improve overall efficiencies in plants. In short, we have to think how to achieve more with less.
It's good to note that manufactures are baking in security to new plant-automation components and assets. But the long life of the current generation of automation means that, for the next few decades at least, we will see the same challenges remain.
