How to Defeat Cybercriminals Before They Turn Your Networked Machines into Zombie Bots
December 14, 2016
GE Reports Canada
Let’s say you oversee a manufacturing plant. Along with your team of workers, over the years you’ve added assembly robots, 3D printers, and Computer Numerical Control (CNC) machines, all networked over the Cloud. These smart machines enable the type of real-time monitoring and actionable analytics that makes your facility cost-efficient and competitive. But that connectivity comes with a dangerous flipside: your manufacturing operations are increasingly exposed to cyber threats.
Rebecca Lawson knows this inherent duality well. She’s the executive director for cybersecurity at Wurldtech, a GE company with the mission of securing the Industrial Internet. While the business community has become more sophisticated and mature when it comes to cybersecurity for Information Technology (IT) networks, Lawson says it lags when it comes to addressing threats to the Industrial Internet and the operational technology (OT) systems typically used to monitor or control physical devices.
Why we need better protection for operational technology
That lack of preparedness is worrying, considering the stakes can be higher in the Industrial Internet, where critical infrastructure is often involved. “It’s tied to a physical environment, so if you have a disruption to an oil well or hospital, there are more dire consequences than an email server being down for half-an-hour,” Lawson says.
In September, hackers used 150,000 cloud-connected CCTV devices to launch a giant distributed denial of service attack on major websites. Lawson says it’s “absolutely plausible” the Industrial Internet-of-Things could be just as vulnerable to such an attack. “DDOS attacks never go out of style,” she says.
The Industrial Internet-of-Things has its own unique challenges. The underlying technologies in OT are different than what’s found in IT environments; oftentimes, many different technologies are involved, and they all speak their own languages. In the IT world, patches for updating or fixing programs are common, but they’re few and far between in OT, Lawson says.
“There’s a lot of potential for either mistakes or misconfigurations or malicious code entering that network and doing something that’s not intended,” Lawson says. Those disruptions can cause safety concerns or bring costly downtime.
The first step to meeting the cybersecurity challenge? Gain visibility
So what can companies do to address these issues? Lawson says your number one concern should be making sure you can see exactly what’s going on in your OT network. “Without that visibility, you’re not going to have control,” she says. Next, make sure you have the people, processes and technology in place so that if something does happen, you can identify the problem and respond immediately.
Wurldtech provides security technologies that ensure networks stay clean. Its flagship product, OpShield, is designed to help protect critical infrastructure and controls network, while its Achilles program tests, validates, and certifies platforms for industrial devices. There’s also Predix, General Electric’s software platform for the collection of data from industrial machines, with advanced cybersecurity built in.
“At GE, we’re using our own technologies and our processes internally,” Lawson says. “We have lots of opportunities to test across health care, energy, oil and gas, transportation, and aviation. That gives us a really good framework and basis for developing our products and services.”
Cybersecurity products are great, but Lawson emphasizes people are also key: “It really takes smart people to help ensure your environment is set up to be secure in the first place.”