Today’s hackers don’t only take aim at IT (Information Technology) environments – we’re well and truly past that point. Now that IT and OT environments are no longer separate worlds, we’re seeing an increasing number of cyber attacks on OT (Operational Technology) environments. And the consequences of these attacks can be many times greater. Just imagine: When a business process has come to a standstill, so too will the factory. To prevent this, it’s becoming increasingly important to have an integrated approach to cyber security. In this article, I’d first like to explain how the OT and IT environments in the chemical process industry have changed in recent years and why cybersecurity shouldn’t be underestimated.
OT environment in the chemical process industry
I want to take you into the world of the chemical process industry. The average chemical plant is at least twenty to fifty years old and mostly fully isolated from the IT environment. Process data is only locally available to the operations teams. If we rewind ten or twenty years, nobody needed to connect these systems to the company network. That’s why PLC’s, DCS systems, and any other Human Machine interface have no built-in security by default and mostly run on legacy operating systems like DOS, Windows 95, XP, or CE with no security patching or virus detection.
OT versus IT environment
About ten years ago, some companies started to implement historians. These systems allow them to look back at data from the process systems and network connections where needed. The need to get process data into the IT environment grew. Bringing OT data to the IT environment was already a huge step. They were highly secured with firewalls not just because of the sensitivity of the process data but because of the vulnerability of the process systems. From this moment on, the OT and IT environment were no longer separate worlds.
An integrated approach is a must
New technologies create plenty of opportunities in the industry to remotely monitor installations and processes 24/7. More and more devices are being connected via the Internet of Things (IOT). While this has enormous benefits, it also increases risks. Because now that the factory’s digital gate has been opened, companies are becoming more vulnerable. This means that, as a company, you have to make sure you’re effectively protected against these cyber risks.
Like to know more?
To properly secure both the OT and IT environment, you need specific knowledge and an integrated approach. As Industry 4.0 Change Agent at Sitech Asset Health Center, I look at the technical and organizational measures of IT/OT security and advise companies on how to implement them. If you’d like to know more about this integrated approach, please reach out!