Why cyber security for digital plants needs more than ‘serious attention’

The digital revolution is creating a raft of new opportunities for the manufacturing industry; but with those opportunities come significant new risks.

While companies taking plant technology online benefit from increased efficiency, flexibility and precision, they also expose themselves to the risk of cyberattacks, with hackers are becoming more sophisticated all the time.

Critical Infrastructure

Vulnerabilities in critical infrastructure industrial control systems are amongst the biggest threats to national security, according to cyber defense experts.

“Industrial control systems… are based onlegacysystems, which is creating opportunities for attackers as we move to a process control network environment,” says Azeem Aleem, Director of Advanced Cyber Defense Practice for Europe, Middle East and Africa at the RSA cybersecurity organization.

Business is finally waking up to the risks. In 2004, the global cybersecurity market was valued at US$3.5 billion. In 2015 it was US$78 billion and is projected to be worth US$120 billion by 2017.

Industry Examples

Tatneft is one of Russia’s largest energy companies, with more than 80 oil production fields across the country.

Its industrial operations include oil and gas production, oil refining, petrochemicals, tires and a national network of filling stations.

Like many companies, Tatneft faces the challenge of balancing the benefits of automating its processes while ensuring those systems are well protected against cybersecurity threats.

Tatneft has brought in Kaspersky Labs to train staff and introduce specialized cyber protection for its automated command and control systems.

Another company working on infrastructure protection is California’s Palo Alto Networks, which has formed a partnership with Honeywell - a provider of automation control, instrumentation and services for a variety of critical industries, including oil and gas.

Mitsubishi Heavy Industries and NTT are also focusing on critical infrastructure protection with their prototype InteRSePT (Integrated Resilient Security and Proactive Technology) designed for infrastructure such as power stations and chemical plants.

Failing to Keep Pace

While there is a growing engagement with the problem of cyber-security, there is clearly a long way to go when it comes to plant protection.

A survey carried out by the UK manufacturers' association, EEF, shows that many organizations still need to upgrade their security.

The research showed that while cyber security is given “serious attention” at board level by nearly two-thirds of companies that responded, there are still significant failings elsewhere.

Investment in cyber-security has stagnated, with half of manufacturers making no increase in cyber security investment. Among small manufacturers, that figure rises to 56%.

Only 36% said they have an incident response plan in place, while 20% said they do not make their employees aware of cyber risks in company policies.

“As technology and data start to play increasingly critical roles in manufacturing, companies will inevitably find themselves more vulnerable to cyber breaches... investment in new technology isn't being matched by investment in managing risks, especially among smaller firms,” says Lee Hopley, Chief Economist at EEF.

“It is important that manufacturers are able to identify, understand and put the correct strategies in place to keep their businesses safe and cyber secure,” she adds.

Another Revolution

The digital revolution is characterized by a fusion of technologies that is blurring the lines between the physical, digital, and biological spheres. It has been called the Fourth Industrial Revolution – and for good reason.

The changes it is bringing are profound and far-reaching. But industry has to adapt on all levels to keep up.

It is not just about having the latest automation and robotics system; it is just as much about making sure those systems are protected by the most advanced cyber-security measures available to ensure the integrity of the entire organization.