How do you protect digital industrial processes?
Cyber attacks on industrial companies have become an everyday occurrence, and the damage they cause can be immense and long-lasting. ANDRITZ’s strategic partner OTORIO, based in Tel Aviv, offers a unique, state-of-the-art, and comprehensive cyber security concept that can be used by ANDRITZ customers as well as other companies, regardless of the branch of industry concerned. Daniel Bren, CEO of OTORIO, describes the special features and benefits of this approach:
I. PREVENTION PRECEDES DETECTION
In our customer projects around the world, we see that forming a digital link between information technology (IT) and operational technology (OT) is one of the biggest challenges that production companies face. While the IT environment is generally homogeneous, being constantly updated and patched, the OT environment is much more diverse, with different generations of machinery and rather vulnerable automation technologies. A strong and intelligent cyber security system must take this into account in order to systematically prevent risks before they become problems. Ideally, the system will constantly monitor potential points of attack in production, identify security gaps, and prioritize the best countermeasures.
II. ORCHESTRATION AND AUTOMATION
Our advice is that the security processes should run automatically as far as possible – this is the only way to react effectively and efficiently to changes in the OT environment and to the risks these changes involve. All security tools and teams must be linked to and coordinated with one another by well-defined and practiced processes. We call this approach “Security Orchestration, Automation, and Response” (SOAR). Its benefits include a uniform overview of the cyber risk, faster workflows to minimize any damage, and improved operational reliability. OTORIO’s industry-tailored SOAR solution features easy operation and can be integrated seamlessly into existing vendor-neutral production processes.
III. SECURE SUPPLY CHAIN
Sub-suppliers are involved in operations or maintenance work in the production area in many branches of industry. Increasingly, they are also given access via the Internet, creating a direct link to production operations. At the same time, we see that most companies subject new or repaired OT assets to only a superficial risk assessment, if any. That is dangerous. Companies must take account of the daily connectivity risks created by their sub-suppliers, including, for example, the risks of introducing a new line or machine on the production floor.
IV. PRACTICAL ANALYSIS USING THE “FOUR EYES PRINCIPLE”
We recommend examining the security measures regularly from the viewpoint of a hacker as part of so-called Red-Team penetration tests. It is important to introduce test routines like the “four eyes principle” so that the security technologies and processes implemented respond to the actual security requirements and cyber risks.
V. PRODUCTION CONTINUITY PLAN
No system offers 100% protection, regardless of how flawlessly security measures are planned and implemented. As soon as there is an incident, speed is of the essence in order to contain the negative impact and restore error-free operation as quickly as possible. Firstly, this requires a team that is responsible immediately for neutralizing the threat. Secondly, the team must localize the cause of the problem and restore the latest and error-free “good” status in production operations. Thirdly, it must draw up a plan to close the security gaps that made the attack possible.