Industry puts cybersecurity pros in charge
After years of dire warnings about hackers wreaking havoc on computers that run physical processes in factories and infrastructure, you’d think industrial firms would already have their top cybersecurity officers running cybersecurity at their plants. Today, that’s the case for only 35% of big facilities — but the situation is finally changing.
Why it matters: The 2 most important things to an industrial business are uptime and efficiency. Where plant owners once worried that cybersecurity pros would meddle with industrial processes they didn't understand, the very real impacts of 2 global cyberattacks in 2016 proved their skills were sorely needed.
The big picture: According to a 2018 Gartner report, only 35% of firms had the chief information security officer's (CISO) department or an equivalent in charge of their industrial networks — often referred to as operational technology (OT) as opposed to business systems, the traditional IT. But that number is projected to double by 2021.
- “It's a huge trend in just the last 18 months,” said Amit Yoran, CEO of Tenable and the former director of Homeland Security’s United States Computer Emergency Readiness Team.
- “If you go back a couple of years, the OT people were saying, ‘Those guys don't know anything about OT. We're separate, we're standalone, get out of our space. Now they recognize their networks are completely raided by IT systems.”
The key term to know is “IT/OT convergence.” OT and IT used to be church and state, separated by custom and bureaucratic boundaries. But companies are realizing the dangers of ignoring how quickly OT networks are beginning to look like IT networks.
- "At first, it made sense to trust those systems to plant managers who may have been there 30-plus years with unblemished records and understood the language," said Ryan Brichant, chief technology officer for OT at the security firm Forescout.
Yes, but: Cybersecurity is increasingly seen as a boon to uptime, rather than an obstacle.
- As plants invest in connected devices to boost efficiency, they also increase the number of systems vulnerable to attack.
- Industrial systems are increasingly victims of targeted ransomware, where hackers identify big ticket companies to take hostage.
Why now? The trend of CISOs getting full control of plant cybersecurity predates the growth of targeted ransomware attacks and came years after the first industry warnings that increased connectivity could cause industrial disasters.
- What really spurred the change appears to be two massive cyberattacks in 2016.
- "When I talk to CISOs, they say the change in thinking took place around two years ago, after WannaCry and NotPetya," said Brichant.
- While there's some debate if WannyCry and NotPetya were ransomware or destructive malware meant to look like ransomware, major closures in everything from chip manufacturers to U.S. ports to automotive plants demonstrated the danger.
The expansion of CISO duties has led to a change in how many security firms do business.
- Several companies have recently consolidated IT and OT products into single platforms to offer a consistent experience on any network. Tenable and Forescout are among them.
- "CISOs have a pretty large plate and want to be looking at as few screens as possible," said Brichant.