{"id":19429,"date":"2021-05-28T08:00:00","date_gmt":"2021-05-28T07:00:00","guid":{"rendered":"https:\/\/www.engineernewsnetwork.com\/blog\/?p=19429"},"modified":"2021-05-27T13:54:55","modified_gmt":"2021-05-27T12:54:55","slug":"securing-operational-technology-systems-against-cyber-attack","status":"publish","type":"post","link":"https:\/\/www.engineernewsnetwork.com\/blog\/securing-operational-technology-systems-against-cyber-attack\/","title":{"rendered":"Securing operational technology systems against cyber-attack"},"content":{"rendered":"\n<p><strong>David Bean looks at the fundamental aspects that need to be considered, including suitable system level design, risk management, system intrusion detection and automation platform vulnerability management<\/strong><\/p>\n\n\n\n<p>With smart manufacturing continuing to merge the worlds of information technology (IT) and operational technology (OT), the demand for comprehensive security measures to protect OT networks is growing. For a standards-based approach, stakeholders can turn to the IEC 62443 guidelines.<\/p>\n\n\n\n<p>As the technologies to bridge the divide between the worlds of IT and OT within a plant have become more established, the digitalisation of businesses has accelerated. The goal of this digital transformation is to provide a foundation to boost productivity, optimise asset availability and maximise plant utilisation. That foundation is built upon a rapidly growing network of increasingly sophisticated plant floor devices \u2013 the so-called Industrial Internet of Things (IIoT).<\/p>\n\n\n\n<p><strong>Addressing cyber security<\/strong><\/p>\n\n\n\n<p>However, this greater level of integration brings with it an increased onus to consider and improve cyber security. Figures from the Centre for Economics and Business Research (Cebr) and gov.uk (1) estimate the cost to UK businesses of cyber breaches in excess of \u00a318bn.&nbsp;<\/p>\n\n\n\n<p>From a general manufacturing perspective cyber-attack brings the risk of lost production, theft of intellectual property and the negative impact on brand confidence as well as potential environmental damage if safety systems are affected. It is perhaps, then, not a surprise to find that, according to a Make UK report (2), the threat of cyber-attacks is stopping some 35% of manufacturers from investing in digitalisation.<\/p>\n\n\n\n<p>Further, from the perspective of safety critical infrastructure, asset owners also have to consider the potential cost of being found to be non-compliant with the Network and Information Systems (NIS) Directive. In the UK, the maximum penalty for a breach of the NIS Directive is \u00a317m, enough to give even the biggest businesses pause to think.<\/p>\n\n\n\n<p><strong>Implementing cyber security standards<\/strong><\/p>\n\n\n\n<p>With all of that said, though, the risk of not investing in digital transformation is enormous, particularly in this era of global competition. From an OT perspective, there are now established standards that provide all of the stakeholders in a deployed industrial automation system \u2013 the asset owners, the system designers\/integrators and the individual product vendors \u2013 with the tools and guidelines that they need to secure an installation against cyber-attack.<\/p>\n\n\n\n<p>Chief among these is IEC 62443, which provides a systematic and practical approach to cyber security for plant OT systems, covering every aspect from initial risk assessment right through to operations. It defines the differing security roles of the key stakeholders, specifying the unique requirements for each security level within the control ecosystem.<\/p>\n\n\n\n<p>IEC 62443 reinforces the accepted \u2018defence in depth\u2019 strategy, defining methodologies for implementing OT cyber security measures and outlining procedures as well as policies that can form the methods, for firstly hindering an attack and secondly recovering from an attack.<\/p>\n\n\n\n<p>It is notable that IEC 62443 places some considerable onus on the automation equipment supplier to embed protective features within their products to contribute to system design considerations and lifecycle management, as well as respond to any vulnerabilities that may be discovered.<\/p>\n\n\n\n<p><strong>Defence in depth<\/strong><\/p>\n\n\n\n<p>This is something Mitsubishi Electric takes very seriously. The company\u2019s products have long offered a number of security features that support the development of a robust cyber security strategy. The \u2018defence in depth\u2019 approach that it adopts when advising systems integrators and asset owners on the methodologies that should be used to implement secure networks and control systems are closely aligned with IEC 62443.<\/p>\n\n\n\n<p>In addition, Mitsubishi Electric has established a Product Security Incident Response Team (PSIRT) as defined in IEC 62443.&nbsp;<\/p>\n\n\n\n<p>Further, Mitsubishi Electric offers a risk audit service that helps asset owners understand the risks in terms of criticality and consequence of a potential cyber breach. The service provides a written report on the status of the networked industrial control systems and offers recommendations for any remediation that is required to meet the standards set out in IEC 62443.<\/p>\n\n\n\n<p>Most recently, Mitsubishi Electric has built a collaboration with Radiflow, whose intrusion detection and analytical tools for generating risk reports and remediation measures meet all the requirements of IEC 62443. These tools can provide ongoing passive status monitoring of networked assets, highlighting any associated vulnerabilities \u2013 for example in access control methods \u2013 and flagging up any suspicious network traffic.<\/p>\n\n\n\n<p><strong>Evolving cyber threat<\/strong><\/p>\n\n\n\n<p>In essence, an OT cyber security solution is an insurance policy and as with so many things in life, the more comprehensive the policy, the greater the level of protection. Implementing a robust solution is part of a successful digital transformation strategy and ensures that companies can boost productivity and enhance their competitiveness.<\/p>\n\n\n\n<p>References: <\/p>\n\n\n\n<p>(1) <strong><a href=\"https:\/\/assets.publishing.service.gov.uk\/government\/uploads\/system\/uploads\/attachment_data\/file\/674046\/understanding-costs-of-cyber-crime-horr96.pdf\">https:\/\/assets.publishing.service.gov.uk\/government\/uploads\/system\/uploads\/attachment_data\/file\/674046\/understanding-costs-of-cyber-crime-horr96.pdf<\/a><\/strong><\/p>\n\n\n\n<p>(2) <strong><a href=\"https:\/\/www.makeuk.org\/insights\/blogs\/manufacturers-agree-they-need-more-cyber-security-support\">https:\/\/www.makeuk.org\/insights\/blogs\/manufacturers-agree-they-need-more-cyber-security-support<\/a><\/strong><\/p>\n\n\n\n<p>David Bean is Solutions Manager at <strong><a href=\"http:\/\/gb3a.mitsubishielectric.com\" target=\"_blank\" rel=\"noreferrer noopener\">Mitsubishi Electric<\/a><\/strong>. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>David Bean looks at the fundamental aspects that need to be considered, including suitable system level design, risk management, system intrusion detection and automation platform vulnerability management With smart manufacturing continuing to merge the worlds of information technology (IT) and operational technology (OT), the demand for comprehensive security measures to protect OT networks is growing. &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[105],"tags":[5777,181,3738],"class_list":["post-19429","post","type-post","status-publish","format-standard","","category-design","tag-cyber-attack","tag-mitsubishi-electric","tag-smart-manufacturing"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Securing operational technology systems against cyber-attack - Engineer News Network<\/title>\n<meta name=\"description\" content=\"David Bean looks at the fundamental aspects that need to be considered, including suitable system level design, risk management, system intrusion detection and automation platform vulnerability management\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.engineernewsnetwork.com\/blog\/securing-operational-technology-systems-against-cyber-attack\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Securing operational technology systems against cyber-attack - Engineer News Network\" \/>\n<meta property=\"og:description\" content=\"David Bean looks at the fundamental aspects that need to be considered, including suitable system level design, risk management, system intrusion detection and automation platform vulnerability management\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.engineernewsnetwork.com\/blog\/securing-operational-technology-systems-against-cyber-attack\/\" \/>\n<meta property=\"og:site_name\" content=\"Engineer News Network\" \/>\n<meta property=\"article:published_time\" content=\"2021-05-28T07:00:00+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/securing-operational-technology-systems-against-cyber-attack\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/securing-operational-technology-systems-against-cyber-attack\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/#\\\/schema\\\/person\\\/4477342aea8e299c6a21761e513ea8e1\"},\"headline\":\"Securing operational technology systems against cyber-attack\",\"datePublished\":\"2021-05-28T07:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/securing-operational-technology-systems-against-cyber-attack\\\/\"},\"wordCount\":802,\"keywords\":[\"cyber-attack\",\"Mitsubishi Electric\",\"smart manufacturing\"],\"articleSection\":[\"Design\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/securing-operational-technology-systems-against-cyber-attack\\\/\",\"url\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/securing-operational-technology-systems-against-cyber-attack\\\/\",\"name\":\"Securing operational technology systems against cyber-attack - Engineer News Network\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/#website\"},\"datePublished\":\"2021-05-28T07:00:00+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/#\\\/schema\\\/person\\\/4477342aea8e299c6a21761e513ea8e1\"},\"description\":\"David Bean looks at the fundamental aspects that need to be considered, including suitable system level design, risk management, system intrusion detection and automation platform vulnerability management\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/securing-operational-technology-systems-against-cyber-attack\\\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/securing-operational-technology-systems-against-cyber-attack\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/securing-operational-technology-systems-against-cyber-attack\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Securing operational technology systems against cyber-attack\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/\",\"name\":\"Engineer News Network\",\"description\":\"The ultimate online news and information resource for today's engineer\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/#\\\/schema\\\/person\\\/4477342aea8e299c6a21761e513ea8e1\",\"name\":\"admin\",\"url\":\"https:\\\/\\\/www.engineernewsnetwork.com\\\/blog\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Securing operational technology systems against cyber-attack - Engineer News Network","description":"David Bean looks at the fundamental aspects that need to be considered, including suitable system level design, risk management, system intrusion detection and automation platform vulnerability management","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.engineernewsnetwork.com\/blog\/securing-operational-technology-systems-against-cyber-attack\/","og_locale":"en_GB","og_type":"article","og_title":"Securing operational technology systems against cyber-attack - Engineer News Network","og_description":"David Bean looks at the fundamental aspects that need to be considered, including suitable system level design, risk management, system intrusion detection and automation platform vulnerability management","og_url":"https:\/\/www.engineernewsnetwork.com\/blog\/securing-operational-technology-systems-against-cyber-attack\/","og_site_name":"Engineer News Network","article_published_time":"2021-05-28T07:00:00+00:00","author":"admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin","Estimated reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.engineernewsnetwork.com\/blog\/securing-operational-technology-systems-against-cyber-attack\/#article","isPartOf":{"@id":"https:\/\/www.engineernewsnetwork.com\/blog\/securing-operational-technology-systems-against-cyber-attack\/"},"author":{"name":"admin","@id":"https:\/\/www.engineernewsnetwork.com\/blog\/#\/schema\/person\/4477342aea8e299c6a21761e513ea8e1"},"headline":"Securing operational technology systems against cyber-attack","datePublished":"2021-05-28T07:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.engineernewsnetwork.com\/blog\/securing-operational-technology-systems-against-cyber-attack\/"},"wordCount":802,"keywords":["cyber-attack","Mitsubishi Electric","smart manufacturing"],"articleSection":["Design"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/www.engineernewsnetwork.com\/blog\/securing-operational-technology-systems-against-cyber-attack\/","url":"https:\/\/www.engineernewsnetwork.com\/blog\/securing-operational-technology-systems-against-cyber-attack\/","name":"Securing operational technology systems against cyber-attack - Engineer News Network","isPartOf":{"@id":"https:\/\/www.engineernewsnetwork.com\/blog\/#website"},"datePublished":"2021-05-28T07:00:00+00:00","author":{"@id":"https:\/\/www.engineernewsnetwork.com\/blog\/#\/schema\/person\/4477342aea8e299c6a21761e513ea8e1"},"description":"David Bean looks at the fundamental aspects that need to be considered, including suitable system level design, risk management, system intrusion detection and automation platform vulnerability management","breadcrumb":{"@id":"https:\/\/www.engineernewsnetwork.com\/blog\/securing-operational-technology-systems-against-cyber-attack\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.engineernewsnetwork.com\/blog\/securing-operational-technology-systems-against-cyber-attack\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.engineernewsnetwork.com\/blog\/securing-operational-technology-systems-against-cyber-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.engineernewsnetwork.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Securing operational technology systems against cyber-attack"}]},{"@type":"WebSite","@id":"https:\/\/www.engineernewsnetwork.com\/blog\/#website","url":"https:\/\/www.engineernewsnetwork.com\/blog\/","name":"Engineer News Network","description":"The ultimate online news and information resource for today's engineer","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.engineernewsnetwork.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/www.engineernewsnetwork.com\/blog\/#\/schema\/person\/4477342aea8e299c6a21761e513ea8e1","name":"admin","url":"https:\/\/www.engineernewsnetwork.com\/blog\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/www.engineernewsnetwork.com\/blog\/wp-json\/wp\/v2\/posts\/19429","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.engineernewsnetwork.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.engineernewsnetwork.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.engineernewsnetwork.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.engineernewsnetwork.com\/blog\/wp-json\/wp\/v2\/comments?post=19429"}],"version-history":[{"count":1,"href":"https:\/\/www.engineernewsnetwork.com\/blog\/wp-json\/wp\/v2\/posts\/19429\/revisions"}],"predecessor-version":[{"id":19430,"href":"https:\/\/www.engineernewsnetwork.com\/blog\/wp-json\/wp\/v2\/posts\/19429\/revisions\/19430"}],"wp:attachment":[{"href":"https:\/\/www.engineernewsnetwork.com\/blog\/wp-json\/wp\/v2\/media?parent=19429"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.engineernewsnetwork.com\/blog\/wp-json\/wp\/v2\/categories?post=19429"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.engineernewsnetwork.com\/blog\/wp-json\/wp\/v2\/tags?post=19429"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}