Protecting the machines

July 2018 Editor's Choice, Cyber Security, Integrated Solutions, Industrial (Industry)

Industrial installations are busy, dirty and more often than not filled with dangers due to machinery malfunctioning or careless actions by people. These days, however, industrial concerns are also under fire from cyber-attacks designed to sabotage processes and machinery, delay the company’s operations or bring the operations to a halt, impacting everyone relying on the industry concerned.

Scada (supervisory control and data acquisition) systems were designed for operations, not security, making them a juicy target for hackers wanting to mess about with process controls, PLCs and other industrial controllers. More importantly, an expert in scada processing is not necessarily a cybersecurity expert, not yet anyway.

This means that security operations at industrial sites need to include cybersecurity and it needs to be treated with the same importance as the physical security of the site as well as health and safety standards. Hi-Tech Security Solutions asked two industry experts for their take of industrial cybersecurity: Jason McGregor, business development manager, digital security & CCTV, Dell EMC South Africa, and Carey van Vlaanderen, CEO at ESET Southern Africa.

Hi-Tech Security Solutions: Industry 4.0 reads well in the media, but what exactly does this idea entail and how does it expose industrial operations to more cyber risks?

Jason McGregor: With Industry 4.0, the interconnectivity increases, but this brings new challenges in the form of increased exposure to cybersecurity attacks. Industrial systems are moving from scada to open protocols, or even just interconnecting with more traditional computers and networks that are better connected and generally easier to compromise.

The fact is, the more end-points (eg. sensors) you have and the more locations in which you store your data (eg. cloud), the more signals you put out into the virtual world and the more your perimeter disappears. This makes detection much more difficult, especially when you don’t add staff.

Carey van Vlaanderen: The fourth industrial revolution brings with it a new operational risk for connected, smart manufacturers and digital supply networks: cyber. The interconnected nature of industry 4.0-driven operations and the pace of digital transformation mean that cyber-attacks can have far more extensive effects than ever before, and manufacturers and their supply networks may not be prepared for the risks.

Hi-Tech Security Solutions What are the primary cybersecurity risks facing industrial operations today?

Jason McGregor: The primary risks to data today are data deletion or destruction, and of course encryption via some form of ransomware. The threat actors can be criminals looking to make a profit or being paid to damage a business, or they could even be nation states – as we saw with the NotPetya malware ( These cyber weapons are so powerful they can cause hundreds of millions of dollars in losses, even when the injured party was not the target.

The NotPetya attack didn’t target specific companies; it was a Russian attack on Ukraine. However, over 60 companies saw the impact when they downloaded the affected malware through their supply chain. As an example of the costs involved in such an attack, pharmaceutical giant Merck says the attack cost it $300 million in its third quarter alone – “$135 million from lost sales and approximately $175 million in costs, spread across the cost of goods sold and the operating expense lines”.

Shipping giant Maersk claimed that the ransomware also cost the company as much as $300m, while FedEx was said to have been hit with a similar loss in its first quarter.

It’s also important to note that attacks don’t only come from outside. The insider threat is also a growing concern for companies globally.

Carey van Vlaanderen:

a. Running outdated infrastructure without proper patching process and security measures.

b. Adding ‘smart’ devices to the network, that have no protection.

c. Internal incidents spurred by accidental actions.

d. External threats from hacktivists and state-funded attacks.

e. Extortion – including ransomware.

Hi-Tech Security Solutions: How can a cybersecurity breach impact operations? And, how can good cybersecurity defences help to improve operations?

Jason McGregor: The velocity of cybersecurity attacks are extremely rapid and can spread within seconds and the impact on highly-connected business can be significant. Hundreds to thousands of critical servers, desktops, phones can be rendered useless almost instantly. The supply chain impact can also be substantial, bringing logistics, production and operations to a complete halt (as with Maersk and FedEx above). In the worst case, it can lead to the shut down or even bankruptcy of the company.

A complete, well thought out cybersecurity defence is therefore critical. That defence has to protect against both traditional breaches and theft of data, and the attacks listed above. Leveraging standards such as NIST CSF (Cybersecurity Framework) or ISO 27001 (Information Security Management) is critically important.

Carey van Vlaanderen: The loss of proprietary information is the most likely consequences of an ICS security incident. But the consequences of cybersecurity breaches in operations are far greater than simply financial cost. Companies seem to underestimate the impact on the environment, critical services and national security, but also the fact that – in their extreme – such incidents can result in loss of life, the reputational issues of which can significantly damage brands, lead to mistrust in industries and cause companies to close.

The convergence of operational technology (OT) and information technology (IT) are coming together as IT shops deploy software on top of OT communications to try to improve the efficiency of a plant or facility. This IT/OT convergence means that the potential impact on a security breach can extend well beyond data loss into areas of physical and human risk.

A single cyberattack on an oil and gas plant costs an average of $13 million according to Frost & Sullivan. Or a power outage, as seen in case of BlackEnergy ( or Industroyer (, can paralyse large regions, cities, city parts as well as their essential services. There are many potential weak links, such as city’s smart traffic signals, city water or power infrastructure, or outdated healthcare facilities, which could all be targeted by the attackers and lead to chaos, damage to health, life and property.

In addition to securing all the above mentioned critical systems by proper and multi-layered security, companies can also conduct security awareness programmes for staff, contractors and partners. Organisations that take the previous steps typically experience less financial loss. Investing in cybersecurity awareness for all staff is therefore critical in the effort to secure one’s systems and infrastructure.

Hi-Tech Security Solutions: How important is it for these concerns to integrate their security defences, even as far as integrating cyber and physical security? Is this a necessity or a nice-to-have?

Jason McGregor: Companies that were hit by the ransomware attacks above had good detection and prevention strategies in place, but they were still breached and had to resort to backups after nothing was left of their IT environment. A strong and sound recovery strategy has become essential to be prepared for a full-blown cybersecurity breach.

This is an absolute necessity both from an operational as well as from a legal or regulatory standpoint. Most industries in almost every country have some cybersecurity requirements that apply to them. For corporations with shareholders, the board usually has a fiduciary responsibility to protect the ongoing operations of the business. Failing to provide proper security – cyber and physical – is a derogation of those duties.

Carey van Vlaanderen: It is absolutely a must have. ESET experts consistently stress that many industrial environments are still running outdated systems which are not protected well enough. Based on our experience, companies often underestimate the impact of cyber risks and only build and invest in proper security measures after a breach has happened. The threat of an attack inside industrial control systems (or supply-chain), however, is very real as we have seen on multiple occasions in the past years in cases such as BlackEnergy, NotPetya and Industroyer.

Hi-Tech Security Solutions: What strategy should industrial companies take when dealing with cybersecurity risks given that this is not an area they are traditionally worried about?

Jason McGregor: My experience is that many of these companies are aware of the risks they face, but their cost/risk analysis wound up focusing more on physical threats for various reasons. That has changed. Today, cybersecurity is consistently ranked #1 in spending priority in surveys from organisations such as the Enterprise Strategy Group.

Companies know this is a primary concern and they are eager to do something about it. Many large companies have CISO/CSO in place to handle the task, but the challenge that often has to be overcome is a coordinated strategy between security and IT people. For example, data recovery (or cyber recovery) plans are often not coordinated with an overall incident response plan.

As noted above, a cyber-recovery strategy needs to be an integral part of cybersecurity defences. A good cyber-recovery strategy is needed to prepare for worst-case scenarios so that the organisation can respond more quickly and effectively. In addition, copies of critical data should be stored in an air-gapped vault that can be used to recover critical applications if the IT operations have been compromised.

Carey van Vlaanderen: Companies that have the necessary funds and opportunity should move to newer and better protected operating systems. There is also scope for companies to further protect themselves with increased usage of vulnerability scans and patch management.

As the WannaCry pandemic has shown, the up-to-date patching of generic systems like Windows OS is a crucial security measure. Running updated and multi-layered security solutions on all potentially ‘interesting’ systems is also a way to improve protection of the ICS environment. There is also a very real need for education and assistance to ensure the network security of industrial environments and to reduce risk of any kind of breach.

ICS cybersecurity risk management is recognised to be a growing need for organisations. Companies therefore need to know what the risks are. They need to have trained and qualified staff available to identify risks and manage the businesses response, and have in place the right controls and software to protect those systems and hardware. There’s a clear need for raising levels of awareness of all staff about the cyber risks within operational technologies.

For more information, contact:

• Dell Technologies, +27 76 663 6820,,

• ESET-SA, +27 21 659 2000,,


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Insights from the 2023 Cloud Security Report
News Cyber Security
Increased costs, compliance requirements, hybrid and multi-cloud complexities, reduced visibility, and a lack of skilled practitioners cause organisations to slow or adjust their cloud adoption strategies.

New algorithm for OT cybersecurity risk management
Industrial (Industry) Cyber Security News Commercial (Industry)
OTORIO’s new risk management model and attack graph analysis algorithm technology, calculates OT cybersecurity threats and provides risk mitigation actions, prioritised according to actual exposure and potential impact on operations.

Robots: a security opportunity or a threat?
Editor's Choice News Conferences & Events
Professor Martin Gill, Director of Perpetuity Research & Consultancy International and the School of Criminal Justice at the University of South Africa (UNISA), will be holding a Global Thought Leadership Security webinar on 22 June 2023 to discuss the contentious issue of robots operating in the security industry.

UNISA sponsors Securex seminars
Editor's Choice News Conferences & Events
As part of UNISA’s 150-year birthday celebrations, UNISA has sponsored the Securex Theatre Seminar Programme, which will include a number of prominent industry specialists, academics and security practitioners focusing on a number of themes.

From the editor's desk: Get Smart
Technews Publishing News
Welcome to the fourth issue of Hi-Tech Security Solutions for 2023, which is also the first issue of Smart Security Solutions. As noted in previous issues, Hi-Tech Security Solutions has been rebranded to Smart Security Solutions.

Accenture Technology Vision 2023
Editor's Choice News
New report states that generative AI is expected to usher in a ‘bold new future’ for business, merging physical and digital worlds, transforming the way people work and live.

Economists divided on global economic recovery
Editor's Choice News
Growth outlook has strengthened in all regions, but chief economists are divided on the likelihood of a global recession in 2023; experts are concerned about trade-off between managing inflation and maintaining financial stability, with 76% anticipating central banks to struggle to bring down inflation.

Success in business process best practices
Technews Publishing Kleyn Change Management Editor's Choice Integrated Solutions Security Services & Risk Management
This month we commandeer time with the woman who is spearheading our national conversation on Women in Security, Lesley-Anne Kleyn, to get to know the lady herself a little better.

Addressing the SCADA in the room
Industrial (Industry) Cyber Security
Few other sectors command the breadth of purpose-built and custom devices necessary to function, as the industrial and manufacturing industries. These unique devices create an uncommon risk that must be assessed and understood to fully protect against incoming attacks.

Integrated guarding services
XtraVision Integrated Solutions Access Control & Identity Management Industrial (Industry)
XtraVision offers a few tips on how to go about planning and setting up an integrated approach to sustainable and successful security services, from the initial risk assessment to the technology and people required.