A robust OT cybersecurity strategy

Issue 7 2022 Editor's Choice, Information Security, Infrastructure, Industrial (Industry), IoT & Automation

The need for a solid cybersecurity strategy is constantly discussed and debated. Yet the basic worm-type attacks first documented in 1972 are still with us today. This is because even the most basic measures to protect control systems from these types of attacks are still not employed systematically. It is difficult to believe there are still thousands of systems in operation today without any basic security controls in place.

Charles Blackbeard.
Charles Blackbeard.

If you own a car, a house or a boat – just about any ‘big ticket’ item that would be expensive to replace – you protect that asset with insurance. However, when it comes to control system cybersecurity, this thinking is often not applied. Cyber experts are still struggling to convince senior management to spend money to protect their control system assets.

Why do companies not invest in cybersecurity? Partly, it is due to the issue of convincing companies to spend money on something that has no measurable return on investment (ROI). Of course, everyone knows cybersecurity is important and falls into the general category of risk management.

Control system owners do deploy cyber and security solutions, as they are aware of the problem and take actions to avoid risks. However, many in the industrial world are still too focused on the big attack or hack, when the more likely risk is common malware that impacts a control system because it is running older, unprotected and unpatched operating systems.

This risk exists even if the system is ‘air-gapped’ from the business’s network. People often introduce data and software from removable media such as USB drives, exposing their systems to the potential for viruses along the way. As these air-gapped systems become more interconnected to enable integration with business applications, they become increasingly exposed to the Internet.

This vulnerability occurs because there is a fundamental disconnect in securing operational technology (OT) versus information technology (IT). As OT becomes more exposed to the Internet, it faces the same cybersecurity threats as any other networked system, as operators have adopted the same hardware, software, networking protocols and operating systems that run and connect everyday business technologies, such as servers, PCs and networking equipment.

Getting up to cyber speed

When thinking about how to get started to fortify your cybersecurity profile, do not just look for some new technology that claims to mitigate all your risks – it does not exist. Doing the basics well, before investing in advanced cyber technologies, is the key. To minimise your risks and get the most protection in the least time, you first need to plan and develop a cybersecurity programme that:

1. Identifies what assets you are trying to protect.

2. Determines how you are going to protect those assets.

3. Enables intrusion detection and monitoring.

4. Defines incident response processes and procedures.

5. Verifies mechanisms to restore and recover assets.

6. Ensures compliance with all regulatory standards set by local governing bodies.

These six steps follow well-trodden ground. All cybersecurity best-practice frameworks can be distilled into these basic steps: identify, protect, detect, respond, recover and comply. Understanding and managing the risks associated with a cyberattack and then protecting against these, or mitigating the consequences, can seem a daunting prospect, especially when this needs to be done in conjunction with the day job of keeping a plant up and running.

ABB has enjoyed the following global successes in terms of its cybersecurity systems and solutions:

• For a speciality chemicals company in the UK, ABB provided training to help employees spot, understand and remediate cybersecurity attacks. This was because the client had already identified a weakness in its employees’ knowledge regarding cybersecurity. ABB provided a Cyber Security Gap Assessment and recommended its T153 Cyber Security Training Course. The result was increased awareness on the part of employees, reducing the likelihood of cyberattacks succeeding due to human error.

• For a natural gas storage facility in Germany, ABB provided a cybersecurity solution for regulatory compliance with ISO 27001. This was necessary for visibility of security events in DCS systems and connected networks, and to allow continuity with a dedicated partner. ABB Ability Cyber Security Event Monitoring allowed for automated ISO 27001 reports and monitoring through ABB’s collaborative operation centre in Germany.

• ABB also assisted a European energy provider with ISO 27001 regulatory compliance. ABB Ability Cyber Security Event Monitoring was implemented without affecting production. This solution was deployed across multiple IT and OT systems distributed across Austria. Here, ABB’s OT security expertise also covered third-party vendor systems. Benefits included reduced effort to meet compliance deadlines, increased cyber resilience and access to ABB’s industrial cybersecurity experts.

Understanding and managing the risks associated with a cyberattack, and then protecting against these or mitigating the consequences, can seem a daunting prospect, especially when this needs to be done in conjunction with keeping a plant up and running. The adage of ‘it’s a journey, not a destination’ is very true when it comes to OT cybersecurity. ABB can support companies with this journey, and can do so in small ‘bite-sized’ steps to help companies take the next step.





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Upgrade your PCs to improve security
Information Security Infrastructure
Truly secure technology today must be designed to detect and address unusual activity as it happens, wherever it happens, right down to the BIOS and silicon levels.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
Fastest PCIe Gen 5.0 NVMe SSD
Products & Solutions Infrastructure
Sandisk has unveiled the WD_BLACK SN8100 NVMe SSD with PCIe Gen 5.0 technology, an internal SSD delivering speeds up to 14 900 MB/s and capacities up to 4 TB, with 8 TB solutions available soon.

Read more...
SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...
Unified storage solution
Products & Solutions Infrastructure
CASA Software has announced the local availability of Nexsan’s upgraded unified storage solution, Unity NV4000, which is ideal for mixed workloads, from virtualisation and video surveillance to secure backup and recovery.

Read more...
Almost 50% of companies choose to pay the ransom
News & Events Information Security
This year’s Sophos State of Ransomware 2025 report found that nearly 50% of companies paid the ransom to get their data back, the second-highest rate of ransom payment for ransom demands in six years.

Read more...
Winners of the 2025 Southern Africa OSPAs
Editor's Choice
The winners of the 2025 Southern Africa Outstanding Security Performance Awards (OSPAs) were revealed on Wednesday, 4th June, at Securex South Africa. Winners from all categories (except the Lifetime Achievement) will be featured in the second Global OSPAs set to take place in 2026.

Read more...
Cybersecurity a challenge in digitalising OT
Kaspersky Information Security Industrial (Industry)
According to a study by Kaspersky and VDC Research on securing operational technology environments, the primary risks are inadequate security measures, insufficient resources allocated to OT cybersecurity, challenges surrounding regulatory compliance, and the complexities of IT/OT integration.

Read more...
Security and privacy: Is one without the other possible?
IoT & Automation Industrial (Industry)
OEMs have a duty to protect privacy as much as security. If security protection is about keeping people out of an embedded device, privacy protection safeguards the data inside the device.

Read more...
Deepfakes and digital trust
Editor's Choice
By securing the video right from the specific camera that captured it, there is no need to prove the chain of custody for the video, you can verify the authenticity at every step.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.