A robust OT cybersecurity strategy

Issue 7 2022 Editor's Choice, Information Security, Infrastructure, Industrial (Industry), IoT & Automation

The need for a solid cybersecurity strategy is constantly discussed and debated. Yet the basic worm-type attacks first documented in 1972 are still with us today. This is because even the most basic measures to protect control systems from these types of attacks are still not employed systematically. It is difficult to believe there are still thousands of systems in operation today without any basic security controls in place.

Charles Blackbeard.
Charles Blackbeard.

If you own a car, a house or a boat – just about any ‘big ticket’ item that would be expensive to replace – you protect that asset with insurance. However, when it comes to control system cybersecurity, this thinking is often not applied. Cyber experts are still struggling to convince senior management to spend money to protect their control system assets.

Why do companies not invest in cybersecurity? Partly, it is due to the issue of convincing companies to spend money on something that has no measurable return on investment (ROI). Of course, everyone knows cybersecurity is important and falls into the general category of risk management.

Control system owners do deploy cyber and security solutions, as they are aware of the problem and take actions to avoid risks. However, many in the industrial world are still too focused on the big attack or hack, when the more likely risk is common malware that impacts a control system because it is running older, unprotected and unpatched operating systems.

This risk exists even if the system is ‘air-gapped’ from the business’s network. People often introduce data and software from removable media such as USB drives, exposing their systems to the potential for viruses along the way. As these air-gapped systems become more interconnected to enable integration with business applications, they become increasingly exposed to the Internet.

This vulnerability occurs because there is a fundamental disconnect in securing operational technology (OT) versus information technology (IT). As OT becomes more exposed to the Internet, it faces the same cybersecurity threats as any other networked system, as operators have adopted the same hardware, software, networking protocols and operating systems that run and connect everyday business technologies, such as servers, PCs and networking equipment.

Getting up to cyber speed

When thinking about how to get started to fortify your cybersecurity profile, do not just look for some new technology that claims to mitigate all your risks – it does not exist. Doing the basics well, before investing in advanced cyber technologies, is the key. To minimise your risks and get the most protection in the least time, you first need to plan and develop a cybersecurity programme that:

1. Identifies what assets you are trying to protect.

2. Determines how you are going to protect those assets.

3. Enables intrusion detection and monitoring.

4. Defines incident response processes and procedures.

5. Verifies mechanisms to restore and recover assets.

6. Ensures compliance with all regulatory standards set by local governing bodies.

These six steps follow well-trodden ground. All cybersecurity best-practice frameworks can be distilled into these basic steps: identify, protect, detect, respond, recover and comply. Understanding and managing the risks associated with a cyberattack and then protecting against these, or mitigating the consequences, can seem a daunting prospect, especially when this needs to be done in conjunction with the day job of keeping a plant up and running.

ABB has enjoyed the following global successes in terms of its cybersecurity systems and solutions:

• For a speciality chemicals company in the UK, ABB provided training to help employees spot, understand and remediate cybersecurity attacks. This was because the client had already identified a weakness in its employees’ knowledge regarding cybersecurity. ABB provided a Cyber Security Gap Assessment and recommended its T153 Cyber Security Training Course. The result was increased awareness on the part of employees, reducing the likelihood of cyberattacks succeeding due to human error.

• For a natural gas storage facility in Germany, ABB provided a cybersecurity solution for regulatory compliance with ISO 27001. This was necessary for visibility of security events in DCS systems and connected networks, and to allow continuity with a dedicated partner. ABB Ability Cyber Security Event Monitoring allowed for automated ISO 27001 reports and monitoring through ABB’s collaborative operation centre in Germany.

• ABB also assisted a European energy provider with ISO 27001 regulatory compliance. ABB Ability Cyber Security Event Monitoring was implemented without affecting production. This solution was deployed across multiple IT and OT systems distributed across Austria. Here, ABB’s OT security expertise also covered third-party vendor systems. Benefits included reduced effort to meet compliance deadlines, increased cyber resilience and access to ABB’s industrial cybersecurity experts.

Understanding and managing the risks associated with a cyberattack, and then protecting against these or mitigating the consequences, can seem a daunting prospect, especially when this needs to be done in conjunction with keeping a plant up and running. The adage of ‘it’s a journey, not a destination’ is very true when it comes to OT cybersecurity. ABB can support companies with this journey, and can do so in small ‘bite-sized’ steps to help companies take the next step.





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Balancing secure access control and fire safety
Editor's Choice Access Control & Identity Management Fire & Safety
In modern building management, few topics create as much tension as the intersection between security access control and fire evacuation safety. Nichola Allen of G2 Fire sheds light on this delicate balance.

Read more...
Fire safety in South Africa
Technoswitch Fire Detection & Suppression Technews Publishing SMART Security Solutions Editor's Choice Fire & Safety Security Services & Risk Management
Fire safety is sometimes ignored, sometimes relegated to whatever is cheapest, and sometimes treated with the seriousness it deserves, given that it focuses on protecting life and assets.

Read more...
A risk-based approach to fire safety
Fire & Safety Security Services & Risk Management Industrial (Industry) Agriculture (Industry)
A report by fire engineering consultancy ASP Fire is challenging blanket assumptions around combustible-core sandwich panels, arguing instead for a rational, risk-based approach that balances fire safety requirements with commercial realities in sectors such as agriculture, manufacturing and industrial processing.

Read more...
Preventing and suppressing lithium fires
SMART Security Solutions Technews Publishing Editor's Choice Fire & Safety Security Services & Risk Management Smart Home Automation
SMART Security Solutions asked Clyde Becker, director of Pyro Brand, for some insight into the mechanics of lithium-ion battery fire risks, especially thermal runaway, and to define a comprehensive, layered approach to fire detection and suppression.

Read more...
Increase in cyberattacks on the manufacturing sector
Security Services & Risk Management News & Events Industrial (Industry)
According to a new Kaspersky ICS CERT report, in the first quarter of 2026, the percentage of industrial control systems (ICS) on which malicious objects were blocked reached 19,6% globally.

Read more...
NEC XON detects and stops ransomware attack
NEC XON Information Security IoT & Automation
Ransomware attacks rarely begin with chaos. More often, they start quietly, with probing, mapping, and patient reconnaissance inside a target’s network. That was the situation facing a global recruitment firm when cybercriminals attempted to navigate its systems.

Read more...
Sophos establishes South African legal entity to strengthen local operations
News & Events Information Security
Global cybersecurity company, Sophos, has announced the formation of its local legal entity, which will support local invoicing, partner enablement, compliance requirements and expanded regional investment.

Read more...
From drone market growth to application-level commercialisation
IoT & Automation Infrastructure
After years of pilot projects and technology validation, the question for the market is shifting from whether drones can fly safely and collect data, to where they can deliver repeatable operational value at scale.

Read more...
Cybersecurity in a digitally connected security industry
SA Technologies Information Security IoT & Automation
As more organisations move towards digital visitor management, cloud-based access control, mobile applications, biometric verification, and connected security platforms, cybersecurity must be viewed as part of the full security environment.

Read more...
AI-enabled NVR for Milestone XProtect
Surveillance Infrastructure Products & Solutions
As surveillance environments continue to grow in scale and complexity, organisations need infrastructure that is easy to deploy, simple to manage, and ready for AI-driven workloads.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.