Blog about cybersecurity within the operational technology and information technology environments

Operational technology targeted by cyber attackers

William Adamthwaite, Account Manager at FMC Global Talent.
William Adamthwaite, Account Manager at FMC Smart Industry

As the world continues to digitalise, so does crime. An unwelcome effect of Information Technology (IT) and Operational Technology (OT) integration is the increased opportunities for hackers, malware authors and criminal groups to take advantage of security systems.

Why are OT/IT environments targeted? What can be done to prevent attacks? Do we have the right people for the job? The industry is evolving at a phenomenal rate but increased cyber-attacks are proving a barrier to growth.

Operational technology targeted

Securing an OT environment is significantly different than securing a traditional IT environment. IT focuses on digital information protection whereas OT focuses on people and physical asset protection.

To deliver security solutions specifically for OT, it requires an industrial mindset, purpose-built technology and specific OT security expertise which is in short supply.

CyberX reports that over the past 12 months they have recorded data from more than 850 production ICS and SCADA networks, across six continents. This latest data indicates that many industrial sectors continue to be soft targets for adversaries, specifically security gaps in key areas such as plain-text passwords (69%), direct connections to the internet (40%), weak anti-virus protections (57%), and WAPs (16%).

Recruitment running dry

As with any emerging technology discipline, staffing can be a challenge. Most often, there is a clear demarcation between those who understand IT and those who understand control systems.

The primary responsibility of IT is service delivery, often measured in service level agreements. The primary responsibility of OT is proper physical asset operations.

In the IT realm, there’s generally more cybersecurity specialization. People have been specifically trained in application security or network security or encryption or any number of other important disciplines.

In OT, those tasked with security are usually operational technology people. As part of their day job, they deal with security, too. It’s been an add-on, and not a specialization causing forms of negligence.

Fighting back

We’re someway off winning the war against cyber-attacks, particularly in complex markets such as Digital Plant. From working closely with technology leaders around the world, it is clear the following areas must be addressed:

  • Increased awareness across the IT/OT environments.
  • Introduce more standards and regulations for IoT technologies, which will make planning and implementation easier and clearer.
  • Cross train IT professionals into the importance of OT security.
  • Train entire workforces in the field on the importance of security.

FMC Smart Industry

Having operated within the Digital Plant sector for over 10 years, FMC has journeyed alongside global software providers to help them achieve digital transformation.

Interested in learning more about live vacancies within Digital Plant and Cybersecurity? Contact me on +44 (0) 1275 372 230 or email me at william.adamthwaite@fmctalent.com for more information.