When OT converges with IT: industrial cybersecurity in the age of hyperconnectivity

by Karim Azer-Nessim - Cyber Security Director
| minute read

New technologies based on artificial intelligence (AI), such as the Internet of Things (IoT), big data and robotics, are quickly gaining ground, making the Fourth Industrial Revolution – or Industry 4.0, as it is better known – a sudden reality. Along with this new reality, however, comes a slew of new security risks. Risks that the industrial sector itself, ironically enough, is not or insufficiently equipped for to address today. This is where Industrial Cybersecurity 4.0 comes into play.

According to the NTT Security 2019 Global Threat Intelligence Report, European production companies still have a very long way to go in order to achieve real, full-fledged cybersecurity maturity. It is true that these companies saw the number of cyberattacks against them halved in 2018, but with an average cybersecurity maturity score of 1.15 out of 5, there is still very little reason to rejoice. Especially since last year’s sudden and unexpected drop in the number of attacks doesn’t look set to continue in the coming years. On the contrary: the rapid digital transformations that our production companies are currently undergoing are aimed at connecting everything and everyone. That drive towards hyperconnectivity makes them extra vulnerable to all kinds of new dangers, and therefore extra attractive as a target for cybercriminals.

Industrial Cybersecurity 4.0.

Spurred on by this hyperconnectivity trend, the breadth of cyberattacks is not only growing in volume but also in complexity. And as our current approach to securing industrial information systems turns out to be limited and no longer fit for purpose when confronted with such increasingly complex attacks, we need to find a new approach: Industrial Cybersecurity 4.0.

The fact is that Operational Technology (OT), which covers physical systems such as robots, has long been disengaged from the cybersecurity world. Until recently, that kind of technology was purposefully siloed: individual systems were isolated with little connectivity to other networks. With the convergence of OT and IT, and with the advent of the new and connected technologies that are driving Industry 4.0, this is no longer the case.

Auto-adaptive model.

Creating a secure industrial environment in today’s increasingly complex and unpredictable industrial landscape requires a more advanced, auto-adaptive protection model. It should aim to optimise security while maintaining robust operations. That means taking into consideration the performance-sensitive environment in which industrial systems are now also expected to allow collaboration – and in real time to boot! To meet the flexible and dynamic needs of this modern industrial-level cybersecurity, equally flexible and dynamic solutions are required that can reconfigure themselves automatically when a change in environment is detected.

While protecting their most critical assets, this new approach to cybersecurity should also allow industrial companies to meet compliance requirements within the confines of Industrial Standards. In the end, however, regulations for compliance too will need to be adapted to the special environment of Operational Technology.

Regulatory compliance is, in fact, one the three pillars of industrial cybersecurity that Sopra Steria colleague Michel Hoffmann, specialising in that topic, discusses in more detail. This blog post is largely inspired by his findings.