Data 64bfc1ea79bb4

Rising cybersecurity concerns in manufacturing: 2023 CSIA Executive Conference highlights industry perils

July 25, 2023
IT-OT convergence and digital transformation bring production benefits and cybercrime opportunities

Digital transformation has brought greater insights, more efficient production and higher machine uptime to manufacturing facilities. But with great advancements come great perils. Cybersecurity—once a concern harbored by the keepers of the enterprise network—has become a necessity with factory-floor data being shared on-premise and into the cloud. It was one of the topics discussed at the 2023 Control System Integrators Association (CSIA) Executive Conference in New Orleans.

Information technology (IT) and operational technology (OT) are coming together and working together, explained Ken Hackett, director of business development, General Control Systems, a system integrator in Albany, New York, with multiple offices around the United States. “System integrators are avid supporters and trusted advisors to both sides,” he said. “There’s some type of cybersecurity in every project we quote.”

General Control Systems sees itself as trusted advisor on the OT side and is bringing that insight to the IT side, explained Hackett. “The OT side doesn’t want their equipment locked down 100%, but IT wants it done in a safe manner,” he said. “It’s really educating on both sides. On the OT side, the programmable logic controller (PLC) is the easiest place to start making security changes. Human-machine interfaces (HMIs) are another place that you can upgrade. Those are the two easiest ways. In IT, your servers are the easiest.”

Hackett also cited the Purdue model for industrial-control-system security as important because of structure. “They can make sure they lock down what needs to be locked down from the IT side,” he explained, referencing pharmaceutical manufacturing, which, for example, is heavily regulated. “It needs to be integrated because IT and OT are part of it. It pushes out more opportunities,” Hackett said.

“Nobody knows OT systems better than system integrators,” explained Keith Mandachit, engineering manager, Huffman Engineering, a system integrator in Lincoln, Nebraska. “The number-one priority is keeping them running. We had a new client, around July 4, 2017, that needed our help because their systems were down. We showed up, and it’s the eeriest feeling when you’re walking into a manufacturing facility, and it was dead silent. Every machine had a ransomware screen on it. We spent a week there, helping them to get their critical systems back online. Employees were coming in and dropping their laptops in a pile on the conference table. They were a global pharma company, so every site got hit.”

The attacks brought awareness to the cybersecurity industry and stressed the importance of analyzing the risk, explained Mandachit. “Application software on the OT side sometimes lags behind what’s available and being used on the IT side,” he said.

“There are increased efficiencies but also increased actors looking to disrupt the process,” said Cody Bann, director of engineering at Win-911, which offers an alarm-notification platform. “The benefits outweigh the risks. Cybercrime has evolved. Two-thirds of organizations are victims of ransomware, and half of them paid the ransom.”

Malicious actors see industry as soft, said Bann. “Cybersecurity is a concern for all organizations,” he reasoned. “In industry, the Internet of Things (IoT) connects the digital and physical world.”

Managing cyber risks includes training personnel on cybersecurity awareness; embracing multi-factor authentication and strong passwords; stopping credential-sharing; incorporating remote notification; and creating or reviewing backup/recovery plans, advised Bann.

“The weakest link in every attack is people,” cautioned Marc Nicosia, director of business development at Automated Control Concepts, an integrator headquartered in Florida with offices along the eastern seaboard. “It can only be reduced through information and education. We’re all aware of it, but not everybody is as aware.”

Nicosia said the sleeping giant has been awakened. “Industry is starting to take notice,” he explained. “Who knows cybersecurity? Primarily the IT organization. People are starting to spend money and do something about it. No company wants to advertise that they’ve been hit because it affects their stock price.”

For backup and recovery, OT needs to take lessons already learned by IT, suggested Nicosia. “If it’s on the same network, you’ve already failed,” he warned. “We need to help create comprehensive backup and recovery plans. They’ve been doing this for years in IT. Do we want to back it up to the cloud or off-site? You’ve got to have a plan. It’s not if but when you’ll get hit. We’ll all get hit. You can spend millions of dollars on all the right protections, but you’ll still get hit. Have a backup and recovery plan. We as integrators can create programs for our customers. They say they’re doing it, but they’re not.”

An IT department may not understand what a sensor or I/O is, but they’ll understand the structure of the Purdue model, said Nicosia. “There’s a shortage of talent in the United States for OT expertise and cybersecurity expertise,” he explained. “We have an opportunity to bridge that gap. Nobody on the OT side is going to be the chief security officer.”

About the Author

Mike Bacidore | Editor in Chief

Mike Bacidore is chief editor of Control Design and has been an integral part of the Endeavor Business Media editorial team since 2007. Previously, he was editorial director at Hughes Communications and a portfolio manager of the human resources and labor law areas at Wolters Kluwer. Bacidore holds a BA from the University of Illinois and an MBA from Lake Forest Graduate School of Management. He is an award-winning columnist, earning multiple regional and national awards from the American Society of Business Publication Editors. He may be reached at [email protected] 

Sponsored Recommendations

2024 State of Technology Report: PLCs and PACs

Programmable logic controllers (PLCs) and programmable automation controllers (PACs) are the brains of the machine in many regards. They have evolved over the years.This new State...

2024 State of Technology Report: Packaging Equipment

Special considerations and requirements make packaging equipment an interesting vertical market unto itself. This new State of Technology Report from the editors of ...

High Sensitivity Accelerometers to Monitor Traffic and Railroad Vibration for Semiconductor Manufacturing

This paper examines highly sensitive piezoelectric sensors for precise vibration measurement which is critical in semiconductor production to prevent quality and yield issues....

Simulation for Automation Guide

How digital twin solutions are expanding the capabilities of plant engineers.