IoT devices need to be selected with appropriate cybersecurity measures in place
Published on: Wednesday 02-03-2022
Shivendra Kapoor, Sr Manager – Functional Safety & Risk Services, Chola MS Risk Services.

Growing digitalisation means increased threats of cyber-attacks. Is the user industry prepared for it?
The industry is still in transition to realise the fact that there are increased cyber-attacks happening, but the understanding of whether it is an IT-related cyber-attack or OT-related is not clearly understood, primarily due to lack of awareness about the differences between IT and OT. The industry is gearing up, and in boardrooms cyber-attacks and prevention against the same have emerged as one of the key highlights; however, implementation is the area of concern, which very few have rolled out.
What are the vulnerabilities and how can companies safeguard their operations?
Usage of industrial computers/laptops with open ports, single user authentication, user names and passwords displayed in operators’ log books, passwords that are easily hackable, patching not done at defined time intervals, and disgruntled employees are some common vulnerabilities, and some of the best ways to safeguard are two-factor authentication, blocking all ports on industrial computers/laptops, strict IT and OT security policies and ensuring the same is followed in letter and spirit, etc.
How critical is the human factor in this equation – is it the proverbial weak link in the technology chain?
Definitely yes. Based on many survey outcomes conducted in the cybersecurity world, the human factor contributes to a huge extent, as disgruntled employees, intentional revealing of confidential information, etc., are huge contributing factors.
IoT devices have become common targets for cybercriminals. What are the precautions while selecting such devices?
IoT devices need to be selected with appropriate cybersecurity measures in place and from reputed vendors. Follow the Cybersecurity guidelines of your corporate when connecting these devices to the Process Control Network. Ensure the control system architecture is segregated as per actual project requirements and the zone and conduit philosophy as suggested in IEC 62443 standards.
While large companies have the resources, how can SMEs face this threat with limited resources?
SMEs need to have the correct understanding between IT and OT and appropriate budgets need to be assigned to have a correct process and system set for cybersecurity implementation including trainings to build competency in personnel and where required seek appropriate OT expert support.
What are the preventive measures organisations can take to face the threat of cyber-attacks?
Building competency, conducting cyber PHAs and further OT cybersecurity lifecycle requirements as per IEC 62443, rolling out OT cybersecurity policies and procedures and ensuring the same is followed with strict measures to punish violators.
(The views expressed in are personal, not necessarily of the organisation represented)
Shivendra Kapoor is an Instrumentation engineer and a Certified Functional Safety Professional from TÜV SÜD. He has 18+ years of industry experience covering a variety of sectors like Oil and Gas, Mines and Minerals, Chemicals, etc. He is also a freelance writer at heart and has 20+ short fictional and non-fictional stories published globally in reputed publications and also a non-fiction book by Crosswords. He is currently employed as Sr. Manager – Functional Safety with Chola MS Risk Services in Mumbai, India.