APRIL 20248 IN MY OPINIONAs technology expands at an increasingly high rate, insights into real-time data have become a critical component in operations due to increased speed with fewer errors and critical decision-making; so, what are the next steps?Many systems and tools can be deployed to monitor real-time information for real-time decision-making, connecting to manufacturing execution systems (MES), maintenance, quality, and others, and subsequently, machine vision to analyze results. These systems can provide essential data, providing considerable insights and gains to improve operations. But with so many systems and software out there, how do you choose? This is exactly the question everyone should be asking. As digital transformation continues to expand, there is a growing need to link and integrate business systems with manufacturing systems and shop-floor equipment. However, it is crucial to note that this convergence between IT and OT carries substantial risk because industrial control systems (ICS), which are used in almost every machine which are running operations ­ are often uncontrolled and do not play nice with anti-virus software, so they are highly susceptible to attacks. For organizations responsible for critical infrastructure, any hint of compromise needs to be taken very seriously. This is why it is time to get down to business to start planning to secure your environments and segment your networks. Standard IT systems and connections are mostly standardized; OT systems use many connection protocols specific to function, industry, geography, etc., which can pose a significant cyber risk. As IIoT devices become more common, external partner products present weighty challenges to creating secure environments, and let's not forget about securing legacy systems. In effect, digital transformation efforts generate these structural problems, exacerbated by poor IT security hygiene practices within OT environments. This is largely due to the insecure deployment of IIoT devices, a lack of visibility of the devices, or their interface through networks to business systems.You must understand that the enormous presence of unprotected IIoT devices provides opportunities for threat actors. The terrifying part is that most of these devices are plug-and-play without the need for passwords or configurations, which essentially makes security optional. Many of these types of devices are shipped with commonly known default passwords to provide easy access to configuration panels. You might be able to imagine that it is not so difficult for hackers to create botnets to trigger distributed denial-of-service, which freezes or disables systems. From a technical point of view, these attacks have elaborate mechanisms that are difficult to detect because they are encrypted and designed to profile processes. These attacks can enter your poorly secured OT environments into your business systems to exfiltrate organizational data and threaten to leak it or steal proprietary information. We know that the devices are not secure and pose threats to organizations, but there are additional concerns regarding IT/OT convergence that need to be mentioned. The first is the accidental insider who is on a quest to create greater efficiencies and lacks security awareness; they may accidentally introduce conditions that make environments more susceptible through ill-advised changes in configurations. Secondly are external actors: As most organizations need help from external partners to set up these new shiny things, accidents can happen. Third is a TECHNOLOGY INSIGHTS:IT/OT CONVERGENCE BY CHRISTOPHER NICHOLS, DIRECTOR SITE RESILIENCY OPERATIONS ENGINEERING AND OPERATIONAL TECHNOLOGY SUPPORT - IT OPERATIONS, STANLEY BLACK & DECKERChristopher Nichols
< Page 7 | Page 9 >