Placing Cybersecurity Professionals in Charge of Operations

After years of foreshadowing and implicit warnings to industry about hackers instigating chaos on the computers that run physical processes in factories and critical economic infrastructure, most would assume that astute industrial firms already have their lead security officers running cybersecurity at their plants and stations of operation. In actual fact, as of today, 35% of large-scale facilities are run by cybersecurity professionals. Fortunately, that figure is finally moving in the right direction.

Why the Delay?

Ironically, until recently, industry leaders were notorious for their resistance towards cybersecurity professionals. Plant owners were once concerned that cybersecurity pros would interfere with industrial processes they did not understand, but the severe impacts of global cyberattacks including “WannaCry” and “NotPetya” have made it clear that their skills are profoundly necessary.

The Current State: Projections for 2021

According to the 2018 Gartner OT Security Report, roughly one in three industry firms had the chief information security officer’s (CISO) department, or an equivalent, rather than a traditional IT team, in charge of their industrial networks, otherwise known as operational technology (OT). Fortunately, this number is projected to at least double by 2021 in light of the trend that has been sparked in the last 18 months.

Only a few years ago, the operational technology crowd was still declaring that cybersecurity experts knew nothing about OT and ought to stay out of it entirely. Now there is a significant change in tone, and OT teams recognize the dire need for such a change. The term “IT/OT convergence” has now been coined. OT and IT could once be likened to church and state, separated by organizational boundaries. However, companies are realizing the severe impacts of ignoring how rapidly OT networks are becoming indistinguishable from IT networks.

In the beginning, it only made sense to entrust the systems to the plant managers, who had decades of unscathed records and understood the language of industry. However, with systems becoming more and more automated, and critical systems migrating to the World Wide Web, the language has since changed, calling for a similar change in operations management.

For any industrial business, the two most central concerns are uptime and efficiency. As industrial plant managers invest in connected devices to boost efficiency, they also increase the number of critical systems vulnerable to attack. Gradually, industrial systems are finding themselves targeted by ransomware, with hackers understanding the ransom potential of these systems once they are taken hostage.

Background: Identifying the Origin of the Revolution

Although the first industry warnings that increased global connectivity could spark industrial disasters occurred well before the first targeted ransomware attacks, the trend of CISOs gaining full control of plant cybersecurity was truly ignited by the cyberattacks of 2016, namely “WannaCry” and “NotPetya.”

Although there is still debate as to whether “WannaCry” and “NotPetya” were true ransomware or simply designed to look like it, the impact of these two attacks was unprecedented. Both attacks were responsible for major closures, and thereby for losses of uptime and efficiency, in everything from computer chip manufacturers to automotive plants. A threat of this magnitude and severity had previously been unheard of.

As expected, the world of industry was forced to adapt the way it does business. Many companies consolidated their IT and OT departments as a means to combat the issue. CISOs, now seen as a benefit to uptime and efficiency, have only just begun taking control of cybersecurity for most industry organizations, a trend we hope to see continue in the foreseeable future.
