“Operational Technology“: Modern operational technology through connected machines / Many companies not aware of risks / For more information: https://www.tuv.com/cybersecurity-trends-2019
Computer controlled machinery enables companies to control and monitor their production systems saving time, improving efficiency and reducing costs. However, these Operational Technology (OT) systems can also be the target of hacker attacks, as incidents at car manufacturers, railway stations and maritime ports in the past few years have demonstrated. “Attackers have the ability to use malware to cause considerable damage to industrial facilities,” explains Nigel Stanley, expert for industrial and OT cybersecurity at TÜV Rheinland. The problem is that many machines are connected to the internet without adequate protection and thus offer an unnecessarily large attack surface area for hackers. TÜV Rheinland offers detailed information on this subject in the “Cybersecurity Trends 2019” study available for download.
Old machines, insecure internet connections
“Security gaps can arise when machines are connected to the internet. Modern production equipment will be computer controlled, often requiring a connection to the internet for maintenance and quality control purposes. The security of this connection can be crucial to the security of the whole facility,” says Stanley. However, many companies continue to rely on older equipment that cannot be easily replaced due to high costs. Such machines can be particularly vulnerable when upgraded to a digital control system as security compromises may need to be made. The long life span of these machines in contrast to rapidly changing IT operating systems makes it difficult to maintain security of these OT systems. A sound OT cyber risk analysis is the best way to start the process of increasing the cybersecurity maturity in these automated and networked systems.
Offline systems can also be attacked
Even non-networked industrial operations can become victims of malware or data theft. “A USB interface is sufficient to allow a non-internet connected system to be infected with destructive malware,” explains Stanley. Modern OT equipment provides more control and efficiency in many businesses but there are still far too many companies that don’t address these specific cyber risks.