“This advice is excellent and can be applied to any sector”
The growing vulnerability of having industrial computer systems connected to the outside world has led the US National Security Agency (NSA) to issue an advisory notice on how to ‘Stop Malicious Cyber Activity Against Connected Operational Technology’.
The NSA’s Central Security Service leads the U.S. Government in cryptology, including cybersecurity products and services, providing timely and accurate support, knowledge, and assistance to the military cryptologic community.
We spoke to DTG’s Cyber Security Consultant, Johnny Gwynne to understand what has led to this advisory notice and what we can all learn from it.
Johnny, why do you think this advisory notice has been issued now?
We are seeing more and more examples of high-profile cyber-attacks, where criminals have been successful at breaching less than adequate defences. This increasing awareness of both the risk and impact of such attacks has resulted in the publication of this advisory notice and is the NSA trying to ensure they stay on the front foot.
Why are Industrial, or Operational Technology (OT) systems more vulnerable than IT systems?
IT systems have for many years been connected to the internet or external networks, and security of these systems has always focused on the confidentiality and integrity of the data. OT systems by contrast, have historically often been used without a connection to the outside world, and the key focus is all about ensuring a safe and reliable operation. This has led to a ‘fit and forget’ mentality in many cases and we now find ourselves with a huge installed base of aging technology and legacy closed systems, running processes that organisations are desperate to make more efficient through digital transformation opportunities. The reality is many security products that work well in the IT space are oftentimes less effective in the OT environment for these reasons.
So why are we so determined to connect these vulnerable OT systems to the outside world?
The emergence of Industry 4.0, effectively the 4th industrial revolution, has provided a step change opportunity for organisations to embrace new technologies, drive productivity and increase efficiencies. However, these benefits can only be realised with more open and connected systems, and people need to accept the inherent increased cyber risk that comes with this and be prepared to deal with it head on.
Is the advice being given here purely applicable to the US?
Absolutely not. Post-Covid, the world will be an even more competitive marketplace. Standing still will simply not be an option for businesses. It will be those who pro-actively embrace digitalisation that will survive and thrive. The need to recognise, understand and manage the resulting increase in cyber threats is a fundamental requirement that comes with this approach. The advice in the NSA advisory notice is excellent and can be applied to any sector.
How can DTG help further?
DTG recently launched a revolutionary Industrial Cyber Assessment tool (CAsT), which identifies security weaknesses in OT systems and offers solutions to increase an organisations resilience to emerging cyber threats. Through extensive data collection, CAsT compiles a detailed OT asset inventory, identifies security weaknesses, and proposes risk reduction solutions. Using data visualisation software, these solutions are simulated, making it easy for decision makers to address their immediate OT cybersecurity needs and incrementally tackle less significant risks, protecting business and digital operations from the detrimental effects and disruption of cybercrime.
DTG can also provide bespoke Industrial (OT) Cyber Security training for staff, available in various formats including traditional face to face, online live webinar or on demand e-Learning modules.
Our combined approach offering OT Cyber Training in conjunction with the CAsT application is a game changer for process industries looking to improve their OT cybersecurity in critical infrastructure.
For more information, contact us at [email protected] or visit our website www.digtechgroup.com.
Read our previous Cyber related blogs!
Healthcare Sector Not Immune to Cyber Attack – Even in a Pandemic