Automotive Industry

“The automotive manufacturing industry heavily depends on Operational Technology (OT) to ensure high efficiency and minimal production downtime. As a result, the sector is one of the leading industries in digitisation and automation. Whilst these changes bring positive improvements to the sector as a whole, they also introduce increased cyber security risks.”

Automotive Cyber Security Challenges

Industry 4.0 has its benefits, from increased automation and process improvements to new levels of efficiency, but it can also expose critical OT to security vulnerabilities while presenting new windows of opportunity for cybercriminals.

Traditionally, cyber security was not a critical consideration because a manufacturer’s OT environments were designed to be isolated, communicating via proprietary industrial protocols and operated via custom hardware and software. Those traditional systems had limited exposure. Today, OT environments have converged with mainstream technologies and are often no longer air-gapped from IT networks, so the lack of adequate security measures poses a critical risk.

Situational Awareness

An expansive and growing attack surface, arising from convergence, connectivity, and geographic and organisational complexity, combined with a general lack of cyber security risk management, is increasing risk exposure.

Now that OT is connected to IoT and IT devices, vulnerabilities that were once seen as insignificant due to the lack of external connectivity are prime targets for bad actors. As dependence on OT and IoT grows across the manufacturing industry, tackling cyber security risk is imperative.

Power & Electricity Risk Management

The first step in this journey is to understand risk and consequences to the organisation. At a basic level, this means identifying the most critical OT functions essential to fulfilling the organisation’s business operations, and the potential consequences of a cyber attack against them. The knowledge of an organisation’s system custodians and engineers should be leveraged to identify methods an adversary could use to compromise critical OT functions. This valuable knowledge includes technical system architecture details and insights into procedures and ways of working, such as logical user access, third-party service provider scope, supply chain considerations and physical security. Real-world cyber scenarios seen across industries should also be considered. Not all will be applicable, but reviewing them ensures completeness and due diligence.

The ultimate aim of this initial analysis is to identify and prioritise risks that result in high-consequence events for the organisation. It also provides a high-level snapshot of current risk exposure and whether this exposure is within or out of organisational risk appetite/tolerance. Any subsequent OT cyber security strategy/programme and risk mitigations should be aligned accordingly with this analysis to ensure tangible risk reduction that is outcome focused. This approach helps organisations justify OT cyber security improvements and the associated costs by being armed with better information and understanding of “What, Why and How?”

Call to Action

Operating an automotive manufacturing asset without an appropriate OT cyber security strategy/programme and relevant controls is high risk. To help you discover your level of risk exposure and to illustrate how we can support effective OT cyber security return on investment, get in touch for a free 30-min consultation.