The challenge to protect industrial systems
Operational technology (OT) and information technology (IT) used to be separate for decades as there was simply no reason to integrate these two areas. Stable OT systems were basically left untouched during the lifetime of a production plant, while IT has always had a reputation for needing frequent changes and being vulnerable to cyber security issues. Nowadays, the concepts of digitalization, Industry 4.0, and IIoT (industrial IoT) make the convergence of IT and OT mandatory in order to optimize business models and production agility.
In order to do this in a secure way, the following cyber security life cycle has to be implemented and executed:
1. Identify: All systems and solutions connected with the network. Only known infrastructure components can be monitored and secured.
2. Protect: Secure all infrastructure components with the latest updates and replace standard settings and passwords. Use network separation and firewalls.
3. Detect: Monitor the whole infrastructure for known vulnerabilities and attacks.
4. Respond: Respond as quickly as possible to detected breaches or other issues in a predefined manner.
5. Recover: When things go wrong (and they will!), restore operations quickly using your backups to minimize service interruption.
6. Comply: Compliance is not only important once a year to get the authorities’ approval. Compliance must be guaranteed 24x7. This can be achieved by implementing and executing the cyber security life cycle in a compliant way.
To read the whole InBrief report on this topic, please click here.