classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn

Hi-Tech Security Solutions Business Directory
Residential Estate Security Handbook 2017

Protecting the machines
July 2018, This Week's Editor's Pick, Cyber Security, Integrated Solutions, Industrial (Industry)

Industrial installations are busy, dirty and more often than not filled with dangers due to machinery malfunctioning or careless actions by people. These days, however, industrial concerns are also under fire from cyber-attacks designed to sabotage processes and machinery, delay the company’s operations or bring the operations to a halt, impacting everyone relying on the industry concerned.

Scada (supervisory control and data acquisition) systems were designed for operations, not security, making them a juicy target for hackers wanting to mess about with process controls, PLCs and other industrial controllers. More importantly, an expert in scada processing is not necessarily a cybersecurity expert, not yet anyway.

This means that security operations at industrial sites need to include cybersecurity and it needs to be treated with the same importance as the physical security of the site as well as health and safety standards. Hi-Tech Security Solutions asked two industry experts for their take of industrial cybersecurity: Jason McGregor, business development manager, digital security & CCTV, Dell EMC South Africa, and Carey van Vlaanderen, CEO at ESET Southern Africa.

Hi-Tech Security Solutions: Industry 4.0 reads well in the media, but what exactly does this idea entail and how does it expose industrial operations to more cyber risks?

Jason McGregor: With Industry 4.0, the interconnectivity increases, but this brings new challenges in the form of increased exposure to cybersecurity attacks. Industrial systems are moving from scada to open protocols, or even just interconnecting with more traditional computers and networks that are better connected and generally easier to compromise.

The fact is, the more end-points (eg. sensors) you have and the more locations in which you store your data (eg. cloud), the more signals you put out into the virtual world and the more your perimeter disappears. This makes detection much more difficult, especially when you don’t add staff.

Carey van Vlaanderen: The fourth industrial revolution brings with it a new operational risk for connected, smart manufacturers and digital supply networks: cyber. The interconnected nature of industry 4.0-driven operations and the pace of digital transformation mean that cyber-attacks can have far more extensive effects than ever before, and manufacturers and their supply networks may not be prepared for the risks.

Hi-Tech Security Solutions What are the primary cybersecurity risks facing industrial operations today?

Jason McGregor: The primary risks to data today are data deletion or destruction, and of course encryption via some form of ransomware. The threat actors can be criminals looking to make a profit or being paid to damage a business, or they could even be nation states – as we saw with the NotPetya malware ( These cyber weapons are so powerful they can cause hundreds of millions of dollars in losses, even when the injured party was not the target.

The NotPetya attack didn’t target specific companies; it was a Russian attack on Ukraine. However, over 60 companies saw the impact when they downloaded the affected malware through their supply chain. As an example of the costs involved in such an attack, pharmaceutical giant Merck says the attack cost it $300 million in its third quarter alone – “$135 million from lost sales and approximately $175 million in costs, spread across the cost of goods sold and the operating expense lines”.

Shipping giant Maersk claimed that the ransomware also cost the company as much as $300m, while FedEx was said to have been hit with a similar loss in its first quarter.

It’s also important to note that attacks don’t only come from outside. The insider threat is also a growing concern for companies globally.

Carey van Vlaanderen:

a. Running outdated infrastructure without proper patching process and security measures.

b. Adding ‘smart’ devices to the network, that have no protection.

c. Internal incidents spurred by accidental actions.

d. External threats from hacktivists and state-funded attacks.

e. Extortion – including ransomware.

Hi-Tech Security Solutions: How can a cybersecurity breach impact operations? And, how can good cybersecurity defences help to improve operations?

Jason McGregor: The velocity of cybersecurity attacks are extremely rapid and can spread within seconds and the impact on highly-connected business can be significant. Hundreds to thousands of critical servers, desktops, phones can be rendered useless almost instantly. The supply chain impact can also be substantial, bringing logistics, production and operations to a complete halt (as with Maersk and FedEx above). In the worst case, it can lead to the shut down or even bankruptcy of the company.

A complete, well thought out cybersecurity defence is therefore critical. That defence has to protect against both traditional breaches and theft of data, and the attacks listed above. Leveraging standards such as NIST CSF (Cybersecurity Framework) or ISO 27001 (Information Security Management) is critically important.

Carey van Vlaanderen: The loss of proprietary information is the most likely consequences of an ICS security incident. But the consequences of cybersecurity breaches in operations are far greater than simply financial cost. Companies seem to underestimate the impact on the environment, critical services and national security, but also the fact that – in their extreme – such incidents can result in loss of life, the reputational issues of which can significantly damage brands, lead to mistrust in industries and cause companies to close.

The convergence of operational technology (OT) and information technology (IT) are coming together as IT shops deploy software on top of OT communications to try to improve the efficiency of a plant or facility. This IT/OT convergence means that the potential impact on a security breach can extend well beyond data loss into areas of physical and human risk.

A single cyberattack on an oil and gas plant costs an average of $13 million according to Frost & Sullivan. Or a power outage, as seen in case of BlackEnergy ( or Industroyer (, can paralyse large regions, cities, city parts as well as their essential services. There are many potential weak links, such as city’s smart traffic signals, city water or power infrastructure, or outdated healthcare facilities, which could all be targeted by the attackers and lead to chaos, damage to health, life and property.

In addition to securing all the above mentioned critical systems by proper and multi-layered security, companies can also conduct security awareness programmes for staff, contractors and partners. Organisations that take the previous steps typically experience less financial loss. Investing in cybersecurity awareness for all staff is therefore critical in the effort to secure one’s systems and infrastructure.

Hi-Tech Security Solutions: How important is it for these concerns to integrate their security defences, even as far as integrating cyber and physical security? Is this a necessity or a nice-to-have?

Jason McGregor: Companies that were hit by the ransomware attacks above had good detection and prevention strategies in place, but they were still breached and had to resort to backups after nothing was left of their IT environment. A strong and sound recovery strategy has become essential to be prepared for a full-blown cybersecurity breach.

This is an absolute necessity both from an operational as well as from a legal or regulatory standpoint. Most industries in almost every country have some cybersecurity requirements that apply to them. For corporations with shareholders, the board usually has a fiduciary responsibility to protect the ongoing operations of the business. Failing to provide proper security – cyber and physical – is a derogation of those duties.

Carey van Vlaanderen: It is absolutely a must have. ESET experts consistently stress that many industrial environments are still running outdated systems which are not protected well enough. Based on our experience, companies often underestimate the impact of cyber risks and only build and invest in proper security measures after a breach has happened. The threat of an attack inside industrial control systems (or supply-chain), however, is very real as we have seen on multiple occasions in the past years in cases such as BlackEnergy, NotPetya and Industroyer.

Hi-Tech Security Solutions: What strategy should industrial companies take when dealing with cybersecurity risks given that this is not an area they are traditionally worried about?

Jason McGregor: My experience is that many of these companies are aware of the risks they face, but their cost/risk analysis wound up focusing more on physical threats for various reasons. That has changed. Today, cybersecurity is consistently ranked #1 in spending priority in surveys from organisations such as the Enterprise Strategy Group.

Companies know this is a primary concern and they are eager to do something about it. Many large companies have CISO/CSO in place to handle the task, but the challenge that often has to be overcome is a coordinated strategy between security and IT people. For example, data recovery (or cyber recovery) plans are often not coordinated with an overall incident response plan.

As noted above, a cyber-recovery strategy needs to be an integral part of cybersecurity defences. A good cyber-recovery strategy is needed to prepare for worst-case scenarios so that the organisation can respond more quickly and effectively. In addition, copies of critical data should be stored in an air-gapped vault that can be used to recover critical applications if the IT operations have been compromised.

Carey van Vlaanderen: Companies that have the necessary funds and opportunity should move to newer and better protected operating systems. There is also scope for companies to further protect themselves with increased usage of vulnerability scans and patch management.

As the WannaCry pandemic has shown, the up-to-date patching of generic systems like Windows OS is a crucial security measure. Running updated and multi-layered security solutions on all potentially ‘interesting’ systems is also a way to improve protection of the ICS environment. There is also a very real need for education and assistance to ensure the network security of industrial environments and to reduce risk of any kind of breach.

ICS cybersecurity risk management is recognised to be a growing need for organisations. Companies therefore need to know what the risks are. They need to have trained and qualified staff available to identify risks and manage the businesses response, and have in place the right controls and software to protect those systems and hardware. There’s a clear need for raising levels of awareness of all staff about the cyber risks within operational technologies.

For more information, contact:

• Dell Technologies, +27 76 663 6820,,

• ESET-SA, +27 21 659 2000,,

Supplied By: Technews Publishing
Tel: +27 11 543 5800
Fax: +27 11 787 8052
  Share via Twitter   Share via LinkedIn      

Further reading:

  • Does your machine deep learn to artificially talk NLP in a Bayesian structured neural pattern?
    September 2018, Technews Publishing, News
    So there! Now your very own Hi-Tech Security Solutions magazine is also equipped with the latest deep learning and artificial intelligence capabilities. Using the latest in cognitive neuroscientific algorithms, ...
  • Cameras in the control room
    September 2018, Leaderware, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring
    CCTV operators find themselves in a pivotal position regarding society, technology, security strategy, and the welfare of people. But who watches the watchers?
  • The ever-changing dynamics of risk management
    September 2018, Technews Publishing, This Week's Editor's Pick, Security Services & Risk Management, Transport (Industry), Conferences & Events, Associations, Training & Education
    Hi-Tech Security Solutions was at the TAPA South Africa 2018 conference once again. This is a short summary of the presentations delivered on the day.
  • TAPA 2018 sponsors
    September 2018, Technews Publishing, Transport (Industry), Associations
    There were six companies sponsoring the TAPA conference in July this year. During the conference they all had a few minutes to talk about what they do to enhance security in the logistics business.
  • Securing cargo for export
    September 2018, Technews Publishing, Transport (Industry), Security Services & Risk Management
    Hi-Tech Security Solutions discusses the air cargo handling process and what is done to ensure goods are secure and don’t pose a danger.
  • Making the right security decisions
    September 2018, Technews Publishing, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, Access Control & Identity Management, Perimeter Security, Alarms & Intruder Detection, Integrated Solutions, Conferences & Events, Training & Education
    The Residential Estate Security Conference 2018 took place in Johannesburg in August, covering a range of topics pertinent to the estate market.
  • The most important features of a management platform
    September 2018, Technews Publishing, This Week's Editor's Pick, CCTV, Surveillance & Remote Monitoring, Access Control & Identity Management, Cyber Security, Integrated Solutions
    Hi-Tech Security Solutions asks the industry for the top three features you should be looking for in a security management platform.
  • Integrated anything
    September 2018, Technews Publishing, This Week's Editor's Pick, Integrated Solutions, Security Services & Risk Management
    Babylon is designed to manage access automation systems; however, its utility goes beyond management to include automation and customisation capabilities across technology verticals.
  • The human factor in control rooms
    September 2018, Technews Publishing, Security Services & Risk Management
    What kind of person does it take to watch multiple video screens and make quick and responsible decisions when an incident occurs?
  • Stallion hosts technology day
    September 2018, Technews Publishing, News, Conferences & Events, Training & Education
    Stallion Security hosted its second annual technology day at the Da Vinci Hotel in Sandton to give its clients insight into some of the latest and greatest products and solutions available in the security market.
  • IoT: The starting gates
    September 2018, This Week's Editor's Pick, Integrated Solutions, IT infrastructure
    South Africa is already past the Internet of Things (IoT) hype cycle and well into the mainstream where projects and pilots are already becoming a commercial reality.
  • The platform you depend on
    September 2018, Oryx Systems, This Week's Editor's Pick, Perimeter Security, Alarms & Intruder Detection, Integrated Solutions
    Oryx Systems expands its security management platform to include mobile and video verification with a major upgrade coming in 2019.

Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Terms & conditions of use, including privacy policy
PAIA Manual
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.