Effective cybersecurity is a holistic effort that needs to address IT and OT to protect business assets and operations. However, too many organisations in the chemical industry are taking an unbalanced approach, risking the future of their business and the safety of their workers and customers.
As digital transformation efforts accelerate, operators must correct these imbalances. This will ensure OT assets are properly audited and monitored to detect and prevent low-level attacks—and to protect their systems and processes are properly defended against hacktivists, criminal extortion and the potentially enormous effects of outages.
As businesses ramp up activity, they must not overlook cybersecurity. This goes beyond IT infrastructure and line-of-business applications—defence of OT is equally important.
What to watch in 2022
It is extremely likely we will see increased M&A activity during 2022, not least because of ongoing economic volatility. Growth will be further complicated by corporate strategy over the next year (and beyond).
We will also see increased regulation of cybersecurity for OT. High-profile cyberattacks like the Colonial Pipeline ransomware incident have attracted the attention of national security agencies. Backed by governments, they are demanding greater transparency—and that operators raise the standard of protection for their operations technology.
Why every chemical facility operator must address OT cybersecurity
Chemical industry operators know the value of their data—and how attractive those assets are to cybercriminals. Given the challenges of merging disparate IT and OT systems during a merger, cybersecurity is now a significant concern. Some evidence suggests that 62pc of businesses classify cybersecurity as their biggest concern post-acquisition.
Theft of data is an obvious and well-planned for event, as are ransomware infections. However, these considerations are focused on protecting data against loss—far less attention is given to defending OT.
As attacks increase in frequency and severity, this is an extremely worrying—and damaging—oversight. Particularly as cybersecurity best practice now starts with the assumption that your network has already been compromised.
State-sponsored hacking groups and hacktivists have a track record of breaking into industrial OT systems causing maximum disruption and damage. Colonial Pipeline paid an initial $4.4mn ransom, and although not a direct attack on OT systems, operations remained offline for six days, creating major oil distribution issues across the US. The business impact of the incident may never be known.
If left undefended, compromised OT could collapse a business within hours. There could also be serious health and safety risks associated with a breach. Overriding or disabling safety mechanisms, could endanger the lives of your production workers or create an environmental accident that affects the wider community.
How to get started with OT cybersecurity
Inventorying assets is an important first step towards strengthening your cybersecurity posture. Developing and maintaining a complete inventory of OT and IT endpoints will be essential to planning a comprehensive cybersecurity defence strategy, assisting with the application and enforcement of OT cyber security standards, regulations, practices and guidelines.
Notably, traditional IT-centric security tools rarely provide visibility and management of Level 1 and Level 0 devices. Often OT endpoints were never designed for the realities of modern, interconnected operations that expose these devices externally. Their proprietary configuration data and control systems cannot be easily collected and managed using conventional IT security tools.
Chemical industry operators must reassess their cybersecurity posture to include OT assets, and ensure they meet applicable regulations and standards. Maintaining OT integrity requires a trifold approach, combining cybersecurity, process safety and digitalisation. Most operators will already address these issues internally, but as separate concerns. This must change.
Combining cybersecurity, process safety and digitalisation into a single, coherent OT strategy ensures no single factor is prioritised over the others. This avoids rework and retrofitting that consumes time and resources and increases overall security risk.
It is highly likely that new security technology will be required to assist with these goals, going beyond basic network sniffing to provide a complete inventory of Level 1 and Level 0 assets and their configurations. Once inventoried, OT assets must be closely monitored to identify configuration issues and to prioritise vulnerabilities when they are detected.
Ultimately, OT cybersecurity is the logical evolution of digital transformation strategy. Data and visibility of every endpoint—including OT assets—will be essential to better protecting your business before, during and after mergers and acquisitions in 2022 and beyond.
Hexagon is a global leader in digital reality solutions, combining sensor, software and autonomous technologies. We are putting data to work to boost efficiency, productivity, quality and safety across industrial, manufacturing, infrastructure, public sector and mobility applications.
Our technologies are shaping production and people-related ecosystems to become increasingly connected and autonomous—ensuring a scalable, sustainable future.
Hexagon’s PPM division empowers its clients to transform unstructured information into a smart digital asset to visualise, build, and manage structures and facilities of all complexities, ensuring safe and efficient operation throughout the entire lifecycle.
Hexagon (Nasdaq Stockholm: HEXA B) has approximately 21,000 employees in 50 countries and net sales of approximately 3.8bn EUR. Learn more at hexagon.com and follow us @HexagonAB.
Comments