Industrial Automation and Cybersecurity Vulnerabilities
Published on : Thursday 03-03-2022
Organisations must define a robust security strategy to prevent cyberattacks and ensure that the strategic leadership owns and drives this strategy, says V Srinivasa Rao.
Growing digitalisation means increased threats of cyberattacks, hence it is important for the industry to prepare to effectively safeguard its business resources. Digitalisation intensity in the industry has increased with evolving technologies in the last decade (Graphic 1).
a. First, the industry started embracing Social, Mobile, Analytics, Cloud (SMAC) technologies (2010-2015)
b. Then the Internet of Things (IoT), Artificial Intelligence, Mixed Reality and Blockchain (2016-2020); and
c. In the next five years, we will see the usage of 3D Printing, Metaverse, Edge Computing, and 5G extensively.
As the digital intensity of organisations goes up, there will be a rise in:
1. Cybersecurity Vulnerabilities (weaknesses in the existing software, networks, devices, infrastructure)
2. Cybersecurity Threats (possible attacks by hackers leveraging vulnerabilities), and
3. Cybersecurity Risks (potential impact on organisations' brand, finance, and morale due to cyberattacks).
serious privacy and cybersecurity issues.
As new technologies are being introduced rapidly the cybersecurity preparedness of the industry is very contextual. It is a continuous process and there is nothing like the industry is entirely prepared at that moment.
Most CISOs also believe that it is impossible to prevent all cyberattacks. Still, it is possible to establish a robust cybersecurity system with the required infrastructure, tools, and resources to bounce back to normalcy after cyberattacks within a shorter period.
There are so many vulnerabilities, and companies must safeguard their business operations. In the digital era, 'people to people’, 'people to things' and 'things to things' have been communicating and collaborating in real-time using digital technologies. This means many cybersecurity, safety, and privacy issues will be encountered by various organisations. Hence, preventive, and corrective cybersecurity practices must be implemented.
Graphic 2 illustrates the business resources that encounter serious privacy and cybersecurity issues in a hyper connected world.
Graphic 3 illustrates a few vulnerabilities that put organisations into deep trouble.
Organisations must establish a Vulnerability Management System that helps identify the vulnerabilities, evaluate their impact, prioritise, and address the vulnerabilities with software, hardware, and policy interventions so that companies can safeguard their business operations.
The human factor is very critical and would be the weak link in the technology chain. The human factor is the insider threat – humans' intentional or accidental efforts may pose a serious threat to organisations. In the gig economy, extended employees, and consultants access organisations' assets from anywhere (home, restaurants, other countries, etc.).
A few examples in which human factors play a crucial role are (illustration).
IoT devices have become common targets for cybercriminals. Many precautions to be taken while selecting such devices. Due to IPV6, there are 343 trillion trillion trillion IP addresses, which means any physical object can be connected to the internet. For example, IP-enabled cameras, locks, lights, voice controllers, smoke alarms, thermostats, robots, IoT-enabled machines, equipment, air pollution monitors, and many more. These are highly vulnerable, if necessary, security precautions are not taken. While selecting IoT devices following precautions could be taken (illustration).
While large companies have the resources, SMEs face this threat with limited resources. Usually, SME’s focus on cybersecurity management is low. This is because SMEs have meagre growth capital, and they mainly worry about their day-to-day working capital. Hence the cost of a security solution is a critical parameter. Therefore, SMEs should come together and form clusters. Each cluster could share the cost of the security infrastructure, tools, and services without compromising their specific security needs.
Organisations could take many preventive measures to effectively manage cybersecurity threats, as enumerated below. Organisations must define a robust security strategy to prevent cyberattacks and ensure that the strategic leadership owns and drives this strategy.
1. Establish Cybersecurity Policies, Processes, Governance
2. Train employees on the overall cybersecurity ecosystem of the organisation
3. Implement antivirus and Vulnerability Management tools to scan the organisation’s networks, infrastructure, and applications and proactively alert the organisation on potential cyberattacks that help in taking the right decision at the right time.
4. Provide regular training to employees and partners /suppliers to ensure that they follow the defined security policies and governance.
5. Conduct regular security audits and ensure that organisation is complying with all the security policies, and
6. Assess the security vulnerabilities as applicable, while purchasing IoT devices, network equipment, hardware, and software, specially.
V Srinivasa Rao (VSR) is the Chairman and MD of BT&BT, and was the former Senior Vice President and Chief Digital Officer (CDO) at Tech Mahindra. He has worked with global customers in 25 countries. He featured in Fortune 500 (India), 2012, as one of the 'Rubber Souls' for Satyam Computers Turnaround story. VSR is an executive coach, consultant and advisor to CXOs and senior executives on business digitalisation. He was the Chairman of Smart Cities Working Group at Institute of Engineering and Technology (IET), India Currently he is chairing Open Digital Innovation Group of IET, India. V Srinivasa Rao is the convenor of Bureau of Indian Standards, Blockchain Smart Contracts ISO working group. He is the recipient of awards from the PMI, USA and an invited keynote speaker, panel chair at globally renowned technology events.
