classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn
 

Search...
Hi-Tech Security Solutions Business Directory
Residential Estate Security Handbook 2017


Protecting the machines
July 2018, This Week's Editor's Pick, Cyber Security, Integrated Solutions, Industrial (Industry)

Industrial installations are busy, dirty and more often than not filled with dangers due to machinery malfunctioning or careless actions by people. These days, however, industrial concerns are also under fire from cyber-attacks designed to sabotage processes and machinery, delay the company’s operations or bring the operations to a halt, impacting everyone relying on the industry concerned.

Scada (supervisory control and data acquisition) systems were designed for operations, not security, making them a juicy target for hackers wanting to mess about with process controls, PLCs and other industrial controllers. More importantly, an expert in scada processing is not necessarily a cybersecurity expert, not yet anyway.

This means that security operations at industrial sites need to include cybersecurity and it needs to be treated with the same importance as the physical security of the site as well as health and safety standards. Hi-Tech Security Solutions asked two industry experts for their take of industrial cybersecurity: Jason McGregor, business development manager, digital security & CCTV, Dell EMC South Africa, and Carey van Vlaanderen, CEO at ESET Southern Africa.

Hi-Tech Security Solutions: Industry 4.0 reads well in the media, but what exactly does this idea entail and how does it expose industrial operations to more cyber risks?

Jason McGregor: With Industry 4.0, the interconnectivity increases, but this brings new challenges in the form of increased exposure to cybersecurity attacks. Industrial systems are moving from scada to open protocols, or even just interconnecting with more traditional computers and networks that are better connected and generally easier to compromise.

The fact is, the more end-points (eg. sensors) you have and the more locations in which you store your data (eg. cloud), the more signals you put out into the virtual world and the more your perimeter disappears. This makes detection much more difficult, especially when you don’t add staff.

Carey van Vlaanderen: The fourth industrial revolution brings with it a new operational risk for connected, smart manufacturers and digital supply networks: cyber. The interconnected nature of industry 4.0-driven operations and the pace of digital transformation mean that cyber-attacks can have far more extensive effects than ever before, and manufacturers and their supply networks may not be prepared for the risks.

Hi-Tech Security Solutions What are the primary cybersecurity risks facing industrial operations today?

Jason McGregor: The primary risks to data today are data deletion or destruction, and of course encryption via some form of ransomware. The threat actors can be criminals looking to make a profit or being paid to damage a business, or they could even be nation states – as we saw with the NotPetya malware (en.wikipedia.org/wiki/Petya_(malware)). These cyber weapons are so powerful they can cause hundreds of millions of dollars in losses, even when the injured party was not the target.

The NotPetya attack didn’t target specific companies; it was a Russian attack on Ukraine. However, over 60 companies saw the impact when they downloaded the affected malware through their supply chain. As an example of the costs involved in such an attack, pharmaceutical giant Merck says the attack cost it $300 million in its third quarter alone – “$135 million from lost sales and approximately $175 million in costs, spread across the cost of goods sold and the operating expense lines”.

Shipping giant Maersk claimed that the ransomware also cost the company as much as $300m, while FedEx was said to have been hit with a similar loss in its first quarter.

It’s also important to note that attacks don’t only come from outside. The insider threat is also a growing concern for companies globally.

Carey van Vlaanderen:

a. Running outdated infrastructure without proper patching process and security measures.

b. Adding ‘smart’ devices to the network, that have no protection.

c. Internal incidents spurred by accidental actions.

d. External threats from hacktivists and state-funded attacks.

e. Extortion – including ransomware.

Hi-Tech Security Solutions: How can a cybersecurity breach impact operations? And, how can good cybersecurity defences help to improve operations?

Jason McGregor: The velocity of cybersecurity attacks are extremely rapid and can spread within seconds and the impact on highly-connected business can be significant. Hundreds to thousands of critical servers, desktops, phones can be rendered useless almost instantly. The supply chain impact can also be substantial, bringing logistics, production and operations to a complete halt (as with Maersk and FedEx above). In the worst case, it can lead to the shut down or even bankruptcy of the company.

A complete, well thought out cybersecurity defence is therefore critical. That defence has to protect against both traditional breaches and theft of data, and the attacks listed above. Leveraging standards such as NIST CSF (Cybersecurity Framework) or ISO 27001 (Information Security Management) is critically important.

Carey van Vlaanderen: The loss of proprietary information is the most likely consequences of an ICS security incident. But the consequences of cybersecurity breaches in operations are far greater than simply financial cost. Companies seem to underestimate the impact on the environment, critical services and national security, but also the fact that – in their extreme – such incidents can result in loss of life, the reputational issues of which can significantly damage brands, lead to mistrust in industries and cause companies to close.

The convergence of operational technology (OT) and information technology (IT) are coming together as IT shops deploy software on top of OT communications to try to improve the efficiency of a plant or facility. This IT/OT convergence means that the potential impact on a security breach can extend well beyond data loss into areas of physical and human risk.

A single cyberattack on an oil and gas plant costs an average of $13 million according to Frost & Sullivan. Or a power outage, as seen in case of BlackEnergy (en.wikipedia.org/wiki/BlackEnergy) or Industroyer (en.wikipedia.org/wiki/Industroyer), can paralyse large regions, cities, city parts as well as their essential services. There are many potential weak links, such as city’s smart traffic signals, city water or power infrastructure, or outdated healthcare facilities, which could all be targeted by the attackers and lead to chaos, damage to health, life and property.

In addition to securing all the above mentioned critical systems by proper and multi-layered security, companies can also conduct security awareness programmes for staff, contractors and partners. Organisations that take the previous steps typically experience less financial loss. Investing in cybersecurity awareness for all staff is therefore critical in the effort to secure one’s systems and infrastructure.

Hi-Tech Security Solutions: How important is it for these concerns to integrate their security defences, even as far as integrating cyber and physical security? Is this a necessity or a nice-to-have?

Jason McGregor: Companies that were hit by the ransomware attacks above had good detection and prevention strategies in place, but they were still breached and had to resort to backups after nothing was left of their IT environment. A strong and sound recovery strategy has become essential to be prepared for a full-blown cybersecurity breach.

This is an absolute necessity both from an operational as well as from a legal or regulatory standpoint. Most industries in almost every country have some cybersecurity requirements that apply to them. For corporations with shareholders, the board usually has a fiduciary responsibility to protect the ongoing operations of the business. Failing to provide proper security – cyber and physical – is a derogation of those duties.

Carey van Vlaanderen: It is absolutely a must have. ESET experts consistently stress that many industrial environments are still running outdated systems which are not protected well enough. Based on our experience, companies often underestimate the impact of cyber risks and only build and invest in proper security measures after a breach has happened. The threat of an attack inside industrial control systems (or supply-chain), however, is very real as we have seen on multiple occasions in the past years in cases such as BlackEnergy, NotPetya and Industroyer.

Hi-Tech Security Solutions: What strategy should industrial companies take when dealing with cybersecurity risks given that this is not an area they are traditionally worried about?

Jason McGregor: My experience is that many of these companies are aware of the risks they face, but their cost/risk analysis wound up focusing more on physical threats for various reasons. That has changed. Today, cybersecurity is consistently ranked #1 in spending priority in surveys from organisations such as the Enterprise Strategy Group.

Companies know this is a primary concern and they are eager to do something about it. Many large companies have CISO/CSO in place to handle the task, but the challenge that often has to be overcome is a coordinated strategy between security and IT people. For example, data recovery (or cyber recovery) plans are often not coordinated with an overall incident response plan.

As noted above, a cyber-recovery strategy needs to be an integral part of cybersecurity defences. A good cyber-recovery strategy is needed to prepare for worst-case scenarios so that the organisation can respond more quickly and effectively. In addition, copies of critical data should be stored in an air-gapped vault that can be used to recover critical applications if the IT operations have been compromised.

Carey van Vlaanderen: Companies that have the necessary funds and opportunity should move to newer and better protected operating systems. There is also scope for companies to further protect themselves with increased usage of vulnerability scans and patch management.

As the WannaCry pandemic has shown, the up-to-date patching of generic systems like Windows OS is a crucial security measure. Running updated and multi-layered security solutions on all potentially ‘interesting’ systems is also a way to improve protection of the ICS environment. There is also a very real need for education and assistance to ensure the network security of industrial environments and to reduce risk of any kind of breach.

ICS cybersecurity risk management is recognised to be a growing need for organisations. Companies therefore need to know what the risks are. They need to have trained and qualified staff available to identify risks and manage the businesses response, and have in place the right controls and software to protect those systems and hardware. There’s a clear need for raising levels of awareness of all staff about the cyber risks within operational technologies.

For more information, contact:

• Dell Technologies, +27 76 663 6820, jason.mcgregor2@emc.com, https://datasecurity.dell.com

• ESET-SA, +27 21 659 2000, info@eset.co.za, www.eset.co.za


Credit(s)
Supplied By: Technews Publishing
Tel: +27 11 543 5804
Fax: +27 11 787 8052
Email: vivienne@technews.co.za
www: www.technews.co.za
  Share via Twitter   Share via LinkedIn      

Further reading:

  • Too safe to escape
    July 2018, Technews Publishing, News
    A recent story I was told highlights how we still take security for granted in our daily lives. Most people try to ensure that their houses, townhouses and apartments have some form of security in place ...
  • TAPA 2018 conference
    July 2018, Technews Publishing, TAPA (Transported Asset Protection Association), Calendar of Events
    TAPA 2018 conference    27 July, 2018 Emperors Palace, Gauteng The ever-changing dynamics of risk management. TAPA members no charge. Non members – R1620 excl VAT per person The South African chapter ...
  • Residential Estate Security Conference
    July 2018, Technews Publishing, Calendar of Events
    Residential Estate Security Conference    14 August, 2018 Indaba Hotel, Fourways, Johannesburg Following sold-out events in Durban in March 2018, Hi-Tech Security Solutions, in cooperation with Rob Anderson, ...
  • CCTV reviews and the display of relevant information
    July 2018, Leaderware, This Week's Editor's Pick
    Recorded video is often far from ideal. There are a number of things that can affect the quality and state of video and influence whether the review or analysis can lead to relevant facts.
  • Where safety, security and Industry 4.0 meet
    July 2018, Technews Publishing, This Week's Editor's Pick, Integrated Solutions, Industrial (Industry)
    Integrated security offers more than simply a means to keep unwanted people out of industrial settings, its benefits extend to supporting and enhancing daily operations.
  • Securex 2018 pulls the (right) crowds
    July 2018, Technews Publishing, Access Control & Identity Management, CCTV, Surveillance & Remote Monitoring, Cyber Security, Integrated Solutions
    With over 6000 visitors attending and exhibitors expressing their satisfaction with not only the number, but also the calibre of the visitors, this year’s Securex was a winner.
  • Advances in NVR and VMS capabilities
    July 2018, Technews Publishing, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, IT infrastructure, Products
    Hi-Tech Security Solutions looks at what the latest trends are in the NVR and VMS worlds, along with some of the latest products.
  • SLAs - Read the fine print
    July 2018, Technews Publishing, This Week's Editor's Pick, Security Services & Risk Management
    By insisting on an appropriate maintenance contract, security technology can be used to the full extent of its possible life.
  • Securing your digital assets
    July 2018, Technews Publishing, This Week's Editor's Pick, Cyber Security, IT infrastructure
    Cyberattacks can’t be prevented, but companies and individuals have ways to keep the attackers out. However, the coming year will see more attacks and more losses because of poor cyber planning.
  • The generations that matter
    July 2018, Technews Publishing, This Week's Editor's Pick, Cyber Security, Security Services & Risk Management
    According to Doros Hadjizenonos, country manager, SADC at Check Point, we have entered the fifth generation of cyberattacks.
  • EOH introduces managed Security-as-a-Service
    July 2018, EOH Security & Building Technologies, News, Cyber Security, Security Services & Risk Management
    EOH has introduced a solution to modern security concerns through a managed Security-as-a-Service suite of offerings.
  • Online platform for targeted staff recruitment
    July 2018, Technews Publishing, This Week's Editor's Pick, News, Training & Education
    Hi-Tech Security Solutions launches online platform for targeted staff recruitment.

 
 
         
Contact:
Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Other
Terms & conditions of use, including privacy policy
PAIA Manual
         
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.