Operational Technology (OT) networks across the power generation industry are increasingly vulnerable to cyberattacks as a result of ‘blind spots’ brought on by digital transformation and IIoT – a new report has warned.
OT security is in its infancy compared to IT security, despite the magnified risk, and the report urges governments and industry to take a holistic approach to mitigate risk.
The report, Industrial Cyber Threats: Processes & Protection for Industrial Systems, highlights the vulnerability to cyberattacks of OT networks in critical infrastructure and industrial applications, such as utilities and petrochemical plants, and power energy generation networks.
Donal Bourke, the manager of new business & advanced solutions at Yokogawa UK & Ireland, says digital transformation and IIoT, while having enormous benefits, if not appropriately designed and managed can simultaneously create an acute danger.
“Digitalisation and the adoption of new technologies that facilitate interoperability, information flow and data insight, can create an OT ‘blind spot’ that can be exploited by state-sponsored action or by highly sophisticated lone-wolf hackers. They are increasingly targeting critical infrastructure with attacks that have the potential to disrupt the normal functioning of a society, such as power generation.”
Unlike cyberattacks on IT systems, attacks on OT networks are of significantly higher concern and can have much graver implications.
“At one time, industrial environments were considered immune to cyber-attack due to employing techniques such as air-gapping which is the physical isolation of networks.
“This is no longer the case as digitalisation, which has facilitated the convergence of IT and OT has created a larger threat attack surface for bad actors to gain access to a facility’s integrated control and safety systems. Today’s hackers recognise the vulnerabilities of OT systems and are actively looking for ways to compromise them.
“There is no technology magic bullet that will mitigate the cybersecurity risk of increasing IT and OT convergence, the threat to control systems and human fallibility. The solution lies in taking a more holistic approach that involves awareness training, risk assessments, the development of OT appropriate policies and procedures, and architecting a system that provides an organisation with a comprehensive Cyber Security Management System.
“Keeping one step ahead of hackers is difficult, not least because cyber threats are continually evolving. Regulation, rightly, looks to maintain the pace but has also made OT cybersecurity a daunting challenge for most organisations. This report simplifies that problem, bringing together all the information necessary to develop an effective OT Cyber Security Management System.
“No system is impregnable, and vulnerabilities will continue to be discovered across the OT domain. Even with generous investment, no plant can completely eliminate its risk exposure. It stands to reason that a holistic approach to cyber-security is the only way to keep pace with the latest generations of malware tailored to industrial control systems.”
To download a copy of Industrial Cyber Threats: Processes & Protection for Industrial Control Systems, please visit: https://info.yokogawa.eu/acton/media/18463/industrial-cyber-threats-guide.