printer friendly version

OT, 4IR and cybercrime

Hennie Colyn.

The convergence of OT (operational technology) and IT in industrial environments offers numerous and tangible benefits. When 4IR technologies are added to the mix, the sky becomes the proverbial limit.

However, the above proliferation has also opened operational systems to cyberattacks, traditionally reserved for IT. Unfortunately, numerous organisations still have a lot of work to do to ensure they do not become the next name in a long list of cybercrime victims.

A recent Claroty global survey^[1] confirms the above. The report surveyed 1100 IT and OT security professionals and revealed that 80% of the respondents had fallen victim to ransomware attacks targeting critical infrastructure.

The reality is that unless data centre managers’ start reducing risks to OT systems, the abovementioned statistics will become the tip of the iceberg. In fact, TechMonitor^[2] estimates that global cost of cybercrime will reach $10.5 trillion by 2025.

The target on OT’s back

OT infrastructure forms an integral part of data centre environments, delivering important functionality to critical services and industries such as energy and utilities, water and wastewater (WWW) plants, and transportation.

Datacentres exist at the interaction of IT and OT, which can expose it to additional cybersecurity threats. This interplay between IT and OT becomes even more personal with the adoption of 4IR, driven by digitalisation.

The increased exposure of OT environments to cyber dangers is an unfortunate side effect of digitalisation. The addition of digital applications and IoT connections to capture and analyse data from OT equipment has widened the cyberattack surface. Furthermore, industrial operations continue to rely on legacy equipment that was not designed with protection against cyber dangers.

These issues create vulnerabilities that threat actors are very happy to explore. Sponsored hacker groups are of particular concern as they may choose high profile, critical infrastructure targets.

Hardening infrastructure

Fortunately, there are numerous ways of safeguarding OT systems, and the data centres they resides in, against cyberattacks. However, it requires investment and commitment across the entire organisational structure.

For one, OT cyber defences require a multi-layered, integrated approach that considers the environment’s vulnerabilities and addresses internal and external threats. It is important to update processes and security as technology evolves.

Global standards can also provide valuable guidance in best operational practices. The IEC 62443-2-4 standard specifies security capability requirements for integration, operational, and maintenance for deployed devices, systems, and network components. It provides a comprehensive set of cybersecurity standards for industrial automation and control systems that can be applied to the data centres’ critical infrastructure.

Organisations grappling with how best to secure their OT environments can also partner with technology and service providers that offer decades of experience and sophisticated cybersecurity solutions, to address vulnerabilities, while improving efficiencies.

For example, Schneider Electric’s Cybersecurity Application Platform (CAP) provides an integrated cybersecurity solution, enabling operations teams to have real-time visibility of their cybersecurity environment while reducing the complexity of OT environments.

Resources

^[1] www.securitysa.com/*se5

^[2] www.securitysa.com/*se6

Share this article:

Further reading: