Protect industrial systems from cyber threats
Cyber security takes on many fronts and forms, and a seldom discussed topic is the aspect of Industrial Cyber Security, which rarely presents adequate data to objectively evaluate risks. Global research shows that nearly one out of every three industrial manufacturing sites is now connected to the public internet, and 75% of these sites have legacy operating systems that provide archaic security systems. Nearly half these sites have no virus protection making them easy prey for cyber infiltrations.
Speaking to the Daily FT, Senior Director ICS of Bayshore Networks, Vincent Turmel, says that industrial cyber-attacks are common place in both developed and emerging economies, but very little data is available on what really happens as victims are not talking due to the bad publicity and impact on corporate image. With new cyber security events taking place every week, awareness and education is growing rapidly he avers, adding that being prepared for any outcome is critical.
“Governments in general are becoming more sensitive about safeguarding critical infrastructure systems, and that’s wide ranging because it includes water, transportation and power generation, which is vital for economies. In the west, they also list critical industries which are essential and it’s not limited to military and basic utilities and thereby enforce protection measures. We live in a world where if you don’t know about it then it’s probably ok not to do it, but as long as you know about a possible threat then you need to do something about it, otherwise you are guilty of negligence and you need to plan for it,” states Turmel.
Speaking further, Turmel adds that particularly with legacy systems it is difficult to place a finger on or measure the exact extent of a threat and the resultant impact in the event of a cyber attack on industrial systems. That also makes it difficult at times to ascertain the level of preparation required. One of the common misconceptions that industries have is that ‘they are not connected’ and therefore we have little or no risk of cyber threats. Also, the question ‘who would want to attack us, as we only manufacture a harmless product’, and focus attention merely on safeguarding computers, data and software systems. This was true ten years ago, Turmel states, adding that many companies have been surprised to find a number of connections do exist to IT systems from the floor. Some companies employ third-party contractors to manage these systems that can pose a security risk.
Whilst Sri Lanka largely employs manual systems at present, there is a visible shift taking place towards modern digital systems which are always connected. “In the industrial world, when you put in a piece of equipment you expect it to last at least 20 years. But 20 years ago, the internet was still in its infancy, so what will happen 20 years from now? The machines we put in today will run and they will be connected with billions of rupees in investments. You need to do all you can to keep these systems and machinery running safe without disruption. The disruption risk is really far bigger than the cost of replacing anything. As we automate we need to ensure we do it right. In Sri Lanka, you have a better chance of being there as you are now putting in place and investing in new systems. In the more developed world they are upgrading systems, so it’s a different challenge, but something that must be considered for both consumer and industrial safety,” he says.
Turmel was in Sri Lanka to meet with select customers in Colombo to apprise them on the latest trends and developments in the sphere of Industrial Cyber Security. Bayshore Networks Inc is a strategic partner of Just In Time Group (JIT), a veteran in the local ICT arena with a history spanning 21 years as a leading ICT Systems and Solutions Integrator to the country. JIT was recently listed in the latest edition of the APAC CIO Outlook magazine’s Top 25 Govt. and Public Sector Technology Providers 2017 and as the only Sri Lankan company to be featured and recognised in the magazine’s annual listing of the Top 25 Government and Public Sector Technology Providers 2017.
JIT’s key strengths are focused on; systems integration, Software Solutions, Network and Infrastructure, Hardware, Mobility, Outsourcing IT Professionals, Professional Services, information security services, Maintenance and Support Services etc. Bayshore Networks is a leading provider of cyber protection for industrial infrastructure based in the US. Having focused on North American markets at the outset, the company now has expanded its reach to the Middle East and Asia working hand-in-hand with local partners.
Industrial Cyber Security requires more awareness and attention, and there is a lot of work to be done in that sphere as it lags far behind interest on general cyber security aspects. Turmel also explains that given today’s trends software and technologies that are considered high-end, which are often used by governments and security agencies, could end-up in the hands of teenagers six months down the line – as advanced software is fast becoming mainstream providing access to anyone.
The risk therefore becomes exponential with time. Whilst the level of threat maybe relatively less for countries like Sri Lanka in its present state, it will become a problem to everyone, and despite costs related to ensuring adequate security it is a question of safety and priorities.
“We are looking at systems with high values. Consider the cranes that operate around the harbour, what would happen if they are rendered inoperable for a day. Even a day’s loss is significant to the overall economy. Look at critical assets. For instance, an airport is full of such different and critical systems. With Industrial Cyber Security we are connected to physical systems; we are not looking at data on hard drives and computers. These extend to even household devices now with buzzwords such as IOT, IIOT and Industry 4.0. The whole world is connecting, and it is doing so to become more efficient, but it does also bring about increased risks as these physical systems are also becoming connected. We are dealing with the pumps and valves and anything that moves which could go wrong and hurt people, a company and industry and even an entire country or economy,” explains Turmel.