Factory workers assembling a car. Photo: Jerry Cooke/Corbis via Getty Images

After years of dire warnings about hackers wreaking havoc on computers that run physical processes in factories and infrastructure, you’d think industrial firms would already have their top cybersecurity officers running cybersecurity at their plants. Today, that’s the case for only 35% of big facilities — but the situation is finally changing.

Why it matters: The 2 most important things to an industrial business are uptime and efficiency. Where plant owners once worried that cybersecurity pros would meddle with industrial processes they didn't understand, the very real impacts of 2 global cyberattacks in 2016 proved their skills were sorely needed.

The big picture: According to a 2018 Gartner report, only 35% of firms had the chief information security officer's (CISO) department or an equivalent in charge of their industrial networks — often referred to as operational technology (OT) as opposed to business systems, the traditional IT. But that number is projected to double by 2021.

  • “It's a huge trend in just the last 18 months,” said Amit Yoran, CEO of Tenable and the former director of Homeland Security’s United States Computer Emergency Readiness Team.
  • “If you go back a couple of years, the OT people were saying, ‘Those guys don't know anything about OT. We're separate, we're standalone, get out of our space. Now they recognize their networks are completely raided by IT systems.”

The key term to know is “IT/OT convergence.” OT and IT used to be church and state, separated by custom and bureaucratic boundaries. But companies are realizing the dangers of ignoring how quickly OT networks are beginning to look like IT networks.

  • "At first, it made sense to trust those systems to plant managers who may have been there 30-plus years with unblemished records and understood the language," said Ryan Brichant, chief technology officer for OT at the security firm Forescout.

Yes, but: Cybersecurity is increasingly seen as a boon to uptime, rather than an obstacle.

  • As plants invest in connected devices to boost efficiency, they also increase the number of systems vulnerable to attack.
  • Industrial systems are increasingly victims of targeted ransomware, where hackers identify big ticket companies to take hostage.

Why now? The trend of CISOs getting full control of plant cybersecurity predates the growth of targeted ransomware attacks and came years after the first industry warnings that increased connectivity could cause industrial disasters.

  • What really spurred the change appears to be two massive cyberattacks in 2016.
  • "When I talk to CISOs, they say the change in thinking took place around two years ago, after WannaCry and NotPetya," said Brichant.
  • While there's some debate if WannyCry and NotPetya were ransomware or destructive malware meant to look like ransomware, major closures in everything from chip manufacturers to U.S. ports to automotive plants demonstrated the danger.

The expansion of CISO duties has led to a change in how many security firms do business.

  • Several companies have recently consolidated IT and OT products into single platforms to offer a consistent experience on any network. Tenable and Forescout are among them.
  • "CISOs have a pretty large plate and want to be looking at as few screens as possible," said Brichant.

Go deeper

Updated 10 hours ago - Politics & Policy

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Global: Total confirmed cases as of 10 p.m. ET: 32,471,119 — Total deaths: 987,593 — Total recoveries: 22,374,557Map.
  2. U.S.: Total confirmed cases as of 10 p.m. ET: 7,032,524 — Total deaths: 203,657 — Total recoveries: 2,727,335 — Total tests: 99,483,712Map.
  3. States: "We’re not closing anything going forward": Florida fully lifts COVID restaurant restrictions — Virginia Gov. Ralph Northam tests positive for coronavirus.
  4. Health: Young people accounted for 20% of cases this summer.
  5. Business: Coronavirus has made airports happier places The expiration of Pandemic Unemployment Assistance looms.
  6. Education: Where bringing students back to school is most risky.
Mike Allen, author of AM
13 hours ago - Politics & Policy

Biden pushes unity message in new TV wave

A fresh Joe Biden ad, "New Start," signals an effort by his campaign to make unity a central theme, underscoring a new passage in his stump speech that says he won't be a president just for Democrats but for all Americans.

What he's saying: The ad — which began Friday night, and is a follow-up to "Fresh Start" — draws from a Biden speech earlier in the week in Manitowoc, Wisconsin:

Trump prepares to announce Amy Coney Barrett as Supreme Court replacement

Judge Amy Coney Barrett. Photo: Matt Cashore/Notre Dame University via Reuters

President Trump is preparing to nominate federal appeals court Judge Amy Coney Barrett of Indiana, a favorite of both the social conservative base and Republican elected officials, to succeed Justice Ruth Bader Ginsburg, Republican sources tell Axios.

Why it matters: Barrett would push the already conservative court further and harder to the right, for decades to come, on the most important issues in American politics — from abortion to the limits of presidential power. If confirmed, she would give conservatives a 6-3 majority on the high court.