Op-Ed: Operational Technology Under Attack by Growing Cybersecurity Threats

Op-Ed: Operational Technology Under Attack by Growing Cybersecurity Threats

Among the biggest challenges posed by these attacks is their constant evolution. Hackers are becoming more sophisticated every day and developing new techniques to gain access to systems and steal sensitive information faster than we can prevent them. Companies are now being attacked by cybercriminals with vast networks of talent and targets.

Nothing is sacred and threats are no longer limited to traditional lone hackers. We see more and more organized actors grouping together to cause the greatest damage and obtain the greatest profits. This extends beyond the IT realm and into operational technology (OT) and even the physical buildings that power and house Australia’s critical infrastructure (CI).

The ways hackers gain access are also evolving. Last year, A drone was found on the roof of a financial company. company, and a few days before that, the drone had been used to gain access to an employee’s personnel credentials and infiltrate the Wi-Fi network.

Digitizing OT Means Greater Rewards and Greater Risks

When it comes to OT, security considerations are often seen in the context of the threat of terrorism or actions of war. It goes much further than that. OT is critical to driving innovation and growth across Australia’s industrial sectors, as well as increasingly digitalized building and construction.

Digitizing building systems such as energy management, fire protection, access control and visitor tracking increases their interconnectivity through the Internet of Things (IoT), leading to better connectivity between legacy systems, edge devices and the cloud. This results in increased efficiency, cost savings, and reduced human error, but also requires stakeholders to take steps to safeguard these systems and OT against bad actors.

Systems that control and monitor physical processes are often complex and were not inherently designed for interoperability. The systems that power buildings and the occupant experience require protections that are as stringent or stronger than IT, and infiltration can be even more disruptive. The challenge is not only the vast and relentless nature of cybercriminals, but also the diverse needs of the facilities and technologies that need to be protected.

Using AI to manage the intersection of OT and IT

As OT and IT converge, cybersecurity teams must consider a broader scope of risk and combine skill sets for the most comprehensive defenses.

In the case of the drone on the roof, the building and its systems became the means to access the valuable data it contains.

What’s more, outdated OT devices that were not designed to be “smart” or are not properly secured, updated, and patched can become a problem when connected to a building’s network. Adding an app to control this may seem like a simple solution, but with a number of interoperable systems, this can quickly become complicated or unmanageable internally. There is a growing trend to build cybersecurity into OT itself rather than modernize it – a “cybersecurity by design” approach.

Using AI to manage the intersection of OT and IT

Fighting an invisible enemy alone can be daunting, but the skills and processes built into OT can also be used to defend it. Automation, sensors and data analytics are used to improve building equipment and processes and improve the occupant experience. These same tools can be integrated into cybersecurity responses to maximize defenses.

The flexibility and self-learning capabilities of artificial intelligence (AI), including machine learning and deep learning, will make it increasingly essential for OT cybersecurity. AI can be used to detect previously unknown threats using deep learning and can also employ AI-based deception techniques to trick attackers away from vital assets. This leads to a high threat detection rate without causing alert fatigue.

Additionally, regulations like SOCI are a starting point for organizations to combine their expertise with the Department of the Interior and seek assistance on some of these shared vulnerabilities. For OT, having an inventory of potential risk assets helps the organization build its defenses one brick higher.

If the enemy has access to an infinite well of knowledge and skill resources, OT providers must build their resilience in response. Skills shortages, budget crises, and the fact that OT systems generally have not been as well protected as IT systems create a security challenge, but not an impenetrable obstacle.

Connecting OT devices to building networks makes work processes easier, faster and often cheaper, but security cannot be neglected, especially for OT. The combination of cunning cybercriminals and growing skills and resource scarcity means that organizations must ensure that OT receives the same cybersecurity attention that is applied to more traditional variants of IT.

It is essential to balance the adoption of new technologies and protection against cyber threats.

Stefanie Oakes is General Manager of Asia Pacific Services at Honeywell Building Technologies

Leave a Reply

Your email address will not be published. Required fields are marked *