More and more companies are integrating information technology, such as sensors and other IoT devices, into their operational systems. This convergence of IT and OT, in addition to a lot of benefits, also brings additional security risks. To cover these risks, companies need a solution as well as a partner that master both domains, such as Fortinet and Inetum.
The recent incidents at beer producer Duvel-Moortgat and coffee roaster Beyers are prime examples: cybercriminals are increasingly targeting manufacturing companies. This is largely due to the rapid digital transformation of manufacturing companies. Driven by the demands and expectations of the business, plant managers are very purposefully relying on all kinds of new technologies that support Industry 4.0: from IoT to AI.
Enhanced connectivity
Central to the concept of Industry 4.0 is the collection of large amounts of data through interconnected technology systems. In-depth analysis of all that data should allow manufacturing companies to improve their industrial processes. The interconnectedness of all those different systems should not only help create an overall picture of the dispersed data, but also allow new connections to be discovered.
"In the past, OT systems were not connected, or at least not to that extent,” says Koen Tamsyn, Business Unit Lead Cybersecurity at Inetum. Today, that is different. That is evidenced, among other things, by a study conducted by the SANS Institute. “Almost half of all companies surveyed indicate that the connectivity of their operational control systems has increased significantly.” There are good reasons for this, according to Koen Tamsyn. “In addition to capturing the operational data they need to optimize their processes; they also want to be able to control and maintain those operational systems remotely.”
Expanded attack surface
This strong increase in connected systems offers opportunities for the business, but also exposes them to new risks. "The attack surface is expanding," emphasizes Koen Tamsyn. "Critical operational systems, responsible for production, for example, are now in the sights of cybercriminals. They can now use this route to break into your organization as well. What's more, the damage done is significantly greater and far more severe for most manufacturing companies, precisely because their production itself is now compromised."
Fortunately, affected companies are increasingly sharing information about such cyber incidents. The increased visibility of incidents with an operational impact today contributes to increased awareness of risk management and cybersecurity in operational environments that were not or not sensitive enough to these concerns in the past. On top of that, there is the increased pressure from a variety of regulations, such as the EU's NIS2 directive. "In that directive, OT security is not explicitly mentioned," Koen Tamsyn points out. "However, the directive applies to any connected device, even a coffee machine, so it certainly does not only concern IT security."
Fundamental differences
As awareness of OT security is growing in manufacturing companies, Koen Tamsyn, and his colleagues must conclude that the knowledge and experience in this area are not always available. "And precisely because the possible impact of security interventions and incidents on such an operational environment is so much greater, it raises the bar for taking action on their own." It is a matter of finding a suitable partner who, ideally, can provide the necessary knowledge and experience in both IT security and OT security.
"It’s not easy," acknowledges Koen Tamsyn, "because both security domains are fundamentally different. For example: with OT security, the safety and availability of the operational systems are crucial parameters. You want to avoid work accidents at all costs and your systems must run continuously. With IT security, the integrity and confidentiality of the data are decisive. You don't want anyone to be able to change your data just like that. And you want only the right people to have access to that data. That is a completely different perspective on security, which means that it isn’t always easy to get IT and OT security specialists to communicate with each other."
Advanced segmentation
In that regard, it is worth noting that Inetum is not only a recognized provider of IT security services. "For years, we have also been focusing on the convergence of IT and OT. Meanwhile, together with our technology partner Fortinet, we have built up extensive knowledge and experience, successfully completing several major projects in this domain."
Inetum consistently follows a fixed step-by-step plan. "First, we create the necessary visibility, so that you get a good overview of your OT environment. For this, we use tools for asset inventory and asset management. Step two is equally important. We will segment your networks in a thorough way, so that in case of an incident the impact is limited to ideally one segment. We will also monitor the traffic between all these segments. This allows you to implement your security rules very granularly and to carefully develop your OT security policy."
The next step addresses authentication and securing remote access to systems, particularly through MFA. "Finally, we check your applications, clearly indicating which ones are and are not allowed to run in your OT environment, and we start virtually patching your systems. This way, we take the security of your OT environment to a higher level of maturity."
