Traditionally, the responsibility for cybersecurity has fallen on the shoulders of the IT department. But if you're not going to make your chief information security officer (CISO) or chief information officer (CIO) your new plant manager, then you're going to have to get OT (operations technology) and the manufacturing team more engaged in how they're going to secure and protect this environment.
The consequences of neglecting cybersecurity in the manufacturing environment can be severe. Downtime, production disruptions and compromised product quality can result in significant financial losses and reputational damage. Craig Duckworth, president and CEO of Velta Technology, emphasizes the importance of addressing liability: "As an organization, the executives and the board of directors are now being held liable and personally responsible, in addition to the organization, for not providing that same amount of due diligence and care."
To effectively mitigate risk and ensure the security of their manufacturing operations, organizations must adopt a proactive and comprehensive approach. This begins with understanding the unique challenges and complexities of the OT environment. Unlike traditional IT systems, industrial control systems often consist of legacy equipment, proprietary protocols and a range of devices from multiple vendors. Securing these systems requires specialized knowledge and expertise that goes beyond the scope of traditional IT security.
One of the key steps in securing the manufacturing environment is establishing continuous monitoring and asset inventory management. Organizations have all different kinds of metrics and methodologies to determine how good they are at making goods. That same discipline needs to be applied to the cybersecurity and its measurement of the plant floor. That means you have to know your risk.
By implementing tools and technologies that provide real-time visibility into the OT environment, organizations can gain a better understanding of their assets, vulnerabilities and potential threats.
However, securing the manufacturing environment is not solely a technical challenge. It requires collaboration and alignment between IT and OT teams, as well as the involvement of key stakeholders such as process control engineers and asset owners. Duckworth emphasizes the importance of this collaboration: "It takes involvement. It takes time. It takes key people that are, as I would call them, the asset owners—the process control engineers, the teams down in the plant floor that are responsible for those assets. They have to know how to interpret the data that they feed to the C-suite so that business decisions on risk can be made."
To drive this collaboration and ensure the success of cybersecurity initiatives, the C-suite and board of directors must take an active role in setting the tone and prioritizing cybersecurity as a strategic imperative. This includes allocating the necessary resources, establishing governance frameworks and fostering a culture of security awareness throughout the organization.
Furthermore, organizations must recognize the importance of engaging with their supply chain partners and OEMs to address cybersecurity risks. No matter who you are selling to or partnering with, they're starting to expect that you're doing that due diligence on OT cybersecurity.
Dino Busalachi is chief technology officer and co-founder of Velta Technology, an integrator member of the Control System Integrators Association (CSIA). For more information about Velta Technology, visit its profile on the CSIA Industrial Automation Exchange.
