Sign up for our daily briefing

Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa Bay news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa Bay

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Charlotte news in your inbox

Catch up on the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Factory workers assembling a car. Photo: Jerry Cooke/Corbis via Getty Images

After years of dire warnings about hackers wreaking havoc on computers that run physical processes in factories and infrastructure, you’d think industrial firms would already have their top cybersecurity officers running cybersecurity at their plants. Today, that’s the case for only 35% of big facilities — but the situation is finally changing.

Why it matters: The 2 most important things to an industrial business are uptime and efficiency. Where plant owners once worried that cybersecurity pros would meddle with industrial processes they didn't understand, the very real impacts of 2 global cyberattacks in 2016 proved their skills were sorely needed.

The big picture: According to a 2018 Gartner report, only 35% of firms had the chief information security officer's (CISO) department or an equivalent in charge of their industrial networks — often referred to as operational technology (OT) as opposed to business systems, the traditional IT. But that number is projected to double by 2021.

  • “It's a huge trend in just the last 18 months,” said Amit Yoran, CEO of Tenable and the former director of Homeland Security’s United States Computer Emergency Readiness Team.
  • “If you go back a couple of years, the OT people were saying, ‘Those guys don't know anything about OT. We're separate, we're standalone, get out of our space. Now they recognize their networks are completely raided by IT systems.”

The key term to know is “IT/OT convergence.” OT and IT used to be church and state, separated by custom and bureaucratic boundaries. But companies are realizing the dangers of ignoring how quickly OT networks are beginning to look like IT networks.

  • "At first, it made sense to trust those systems to plant managers who may have been there 30-plus years with unblemished records and understood the language," said Ryan Brichant, chief technology officer for OT at the security firm Forescout.

Yes, but: Cybersecurity is increasingly seen as a boon to uptime, rather than an obstacle.

  • As plants invest in connected devices to boost efficiency, they also increase the number of systems vulnerable to attack.
  • Industrial systems are increasingly victims of targeted ransomware, where hackers identify big ticket companies to take hostage.

Why now? The trend of CISOs getting full control of plant cybersecurity predates the growth of targeted ransomware attacks and came years after the first industry warnings that increased connectivity could cause industrial disasters.

  • What really spurred the change appears to be two massive cyberattacks in 2016.
  • "When I talk to CISOs, they say the change in thinking took place around two years ago, after WannaCry and NotPetya," said Brichant.
  • While there's some debate if WannyCry and NotPetya were ransomware or destructive malware meant to look like ransomware, major closures in everything from chip manufacturers to U.S. ports to automotive plants demonstrated the danger.

The expansion of CISO duties has led to a change in how many security firms do business.

  • Several companies have recently consolidated IT and OT products into single platforms to offer a consistent experience on any network. Tenable and Forescout are among them.
  • "CISOs have a pretty large plate and want to be looking at as few screens as possible," said Brichant.

Go deeper

Updated 3 hours ago - Politics & Policy

In photos: The Biden and Harris inauguration

President Biden and first lady Jill Biden watch a fireworks show on the National Mall from the Truman Balcony at the White House on Wednesday night. Photo: Chip Somodevilla/Getty Images

President Biden signed his first executive orders into law from the Oval Office on Wednesday evening after walking in a brief inaugural parade to the White House with First Lady Jill Biden and members of their family. He was inaugurated with Vice President Kamala Harris at the U.S. Capitol on Wednesday morning.

Why it matters: Many of Biden's day one actions immediately reverse key Trump administration policies, including rejoining the Paris Agreement and the World Health Organization, launching a racial equity initiative and reversing the Muslim travel ban.

Republicans pledge to set aside differences and work with Biden

President Biden speaks to Sen. Mitch McConnell after being sworn in at the West Front of the U.S. Capitol on Wednesday. Photo: Erin Schaff-Pool/Getty Images

Several Republicans praised President Biden's calls for unity during his inaugural address on Wednesday and pledged to work together for the benefit of the American people.

Why it matters: The Democrats only have a slim majority in the Senate and Biden will likely need to work with the GOP to pass his legislative agenda.

The Biden protection plan

Joe Biden announces his first run for the presidency in June 1987. Photo: Howard L. Sachs/CNP/Getty Images

The Joe Biden who became the 46th president on Wednesday isn't the same blabbermouth who failed in 1988 and 2008.

Why it matters: Biden now heeds guidance about staying on task with speeches and no longer worries a gaffe or two will cost him an election. His staff also limits the places where he speaks freely and off the cuff. This Biden protective bubble will only tighten in the months ahead, aides tell Axios.