The security of the operating system and applications is of crucial importance for the economic success of all companies. However, very few people know that so-called OT security is just as vulnerable as IT.
In the manufacturing industry in particular, companies now often have their own production facilities that are linked to the internal IT landscape. Simeon Mussler, COO at Bosch CyberCompare, explains which three aspects companies need to address first to adequately protect their industrial assets.
raise awareness
Trojans, phishing e-mails, data leaks – while the media have once again contributed a lot to awareness of the topic of IT security in recent months and years, many companies overlook the danger of networked production facilities. The Cybersecurity Benchmark Report 2023 shows that employee awareness of OT security is particularly low. Smart manufacturing and IoT not only make it possible to make processes more efficient and production more agile, they also offer an equally large new target for hackers. It becomes particularly problematic when the workforce is not aware of this security risk.
In contrast to IT security, the importance of which most people are now aware of through various security training courses, OT security has so far lacked specific training courses. Companies must therefore actively bring the problem area onto the radar of the workforce. A standstill in production due to a hacker attack can cause considerable financial damage and jeopardize the company's success in the long term.
A first step should therefore be to present the individual production steps, including all data points, in such a way that they can also be understood by the workforce. Because in contrast to pure office IT, the operations technology of a manufacturing company is much more complex. Above all, it is important to make every employee aware of which areas of production are particularly critical and would therefore represent the preferred target of attacks.
Transparency creates security
In addition, a rethink is already necessary in the purchasing phase of large production machines: Decision-makers must focus more on cybersecurity aspects during the selection process. This includes dealing with vulnerability management, remote maintenance concepts and the lifecycle management of the respective operating systems.
At this point, companies must enter into a constructive exchange with the suppliers and manufacturers of machines and systems. These can position themselves as strong partners alongside the manufacturing industry and help them to bring a fine-meshed and clear structure to the industrial plants. In turn, the decision-makers in the company generate transparency about their production lines - and thus create a safer environment.
Improve vulnerability management
As a result, two further aspects emerge: critical plant areas and weak points in the system. Experience has shown that the operational complexity of production prevents faster response times and better weak point management. However, if companies create transparent plant systems, they can define which machines are particularly important for the continuation of production. You may also need to be able to walk for days without contact with IT to avert major financial damage. It makes sense for these areas to implement manual workarounds so that they can also work "past" malicious touchpoints.
A clear structure also reveals previously undiscovered weaknesses in production. Once these are defined, it is important to clarify how they can be rectified. In the case of patches, the internal IT department must define new patch cycles. Unlike office IT system updates, machines can't necessarily be shut down on Friday evenings to be patched. This is where, for example, shift changes come in handy, in which production can be gradually throttled – after all, the entire machine shouldn’t be stopped at the same time.
OT security is lagging behind
It is not surprising that OT security is still lagging behind an IT security strategy in many places. In times of the IoT, however, it is all the more important that companies put an adequate security strategy for their operations technology on the agenda. Otherwise, they risk being left behind in an increasingly connected world. If they want to protect their industrial plants from cyber attacks, manufacturing companies must now implement the first measures, check them regularly and update them if necessary.
More at CyberCompare.com
About Bosch CyberCompare
CyberCompare is an independent shopping platform for CyberSecurity. We help customers prioritize, specify requirements and service descriptions, compare offers, conduct market research and create concrete decision templates with clear recommendations. Our goal is always to make cybersecurity easier, more understandable and more affordable. We aim to save time, money and resources for both customers and providers, and to develop clear decision-making templates for our customers. CyberCompare is a one-stop shop for both parties. As a partner, we can join forces, find new answers together and increase everyone's safety together. When selecting providers and evaluating offers, we draw on the experience of Bosch and the feedback from our now around 300 external customers from DACH and UK. With our help, you save time and make optimal use of your budget.
Matching articles on the topic