The CISO’s evolving role: How digitalisation is bringing the fight to industrial security threats

Robin Whitehead of Boulting Technology

It’s no longer a question of whether your business will be attacked, but rather when it will be attacked. Cyber attacks, particularly those on public sector and utility businesses, are now a regular, often daily occurrence. Here, Robin Whitehead, managing director of systems integrator Boulting Technology, explains how this is impacting the role of the chief information security officer (CISO) and resulting in the need for end-to-end digitalisation.

It’s a simple fact that data makes the modern economy turn. Being the first business to take action, based on the insights gained from some pivotal piece of information, gives businesses a distinct competitive advantage. However, it’s also quickly becoming a fact of life that the same data is being targeted by skilled cybercriminals intent on stealing this new currency and even causing maximum damage to infrastructure.

We can see the potential scale of cyber crime if we look at the number of data breaches made each month. For example, in December 2017, security firm IT Governance reported that 33.8 million records — including a mixture of personal and business information — had been leaked around the world. In November 2017, the number was 59 million.

Sophisticated cyber attacks

With the world facing the likes of WannaCry, Petya and NotPetya in 2017, sophisticated cyber threats are the biggest technological fear in 2018. Although sectors such as financial services and the public sector are most at risk, there have also been numerous high-profile attacks on utilities, oil and gas and food manufacturing environments in recent years.

At 9:30am on 27 June, 2017, confectionery manufacturer Cadbury was hit by a cyber attack, which halted production at its Hobart factory in Australia. Computers at the facility were infected with the Petya ransomware virus and displayed a message on the screen demanding payment in cryptocurrency.

Later that same day, NotPetya — a variant of the Petya virus — went on to do further damage to facilities across Europe. NotPetya exploits a backdoor in the update system of a Ukrainian tax-preparation programme running on Windows and used by around 80% of all Ukrainian businesses.

It uses a vulnerability in the Windows operating system called EternalBlue — originally believed to have been developed by the US National Security Agency (NSA) — to encrypt the filesystem’s master file table (MFT), preventing the system from locating its own files.

Launched on the eve of Ukraine’s Constitution Day holiday, NotPetya quickly spread to networks in Russia, France, Germany, Italy, Poland, the UK and the US and affected many sectors. “It’s massive,” Christiaan Beek, a lead scientist and principal engineer at McAfee, told WIRED about the situation in Ukraine. “Complete energy companies, the power grid, bus stations, gas stations, the airport, and banks are being targeted.”

The new CISO

It should come as no surprise then that the advice of IT and security experts is now being sought at the highest levels of business. The role of the chief information security officer (CISO) is also changing in response. Acting as the head of IT security, the CISO has traditionally been responsible for things like operational compliance and adherence to ISO standards as well as performing IT security risk assessments and ensuring that the business is using the latest technologies.

However, increasingly, the CISO must now also drive IT security and strategy, guiding everyone from the shop-floor staff to the most senior officials in the business on how best to protect them from cyberattacks. The modern CISO now takes a seat at the boardroom table, ensuring business continuity, come what may.

Modern CISOs need to be visionaries and good communicators in their own right, exerting their influence at all levels of the business to bring about long-lasting technological and security change.

End-to-end digitalisation

For industrial businesses, this change cannot come soon enough. The desire to integrate manufacturing networks with the outside world and the increased use of smart data is driving efficiencies and cost savings in sectors from food and beverage, pharmaceutical and automotive to utilities such as gas, water and energy. At the same time, it’s also leaving them vulnerable to attacks that can lead to business disruption and extended periods of downtime.

Part of the reason for this is that many businesses have traditionally operated in silos, with information technology (IT) and operational technology (OT) experts not historically well aligned to the same objectives and outcomes. However, as we increasingly use more internet-connected devices such as PLCs, HMIs, intelligent motor control centres (MCCs), telemetry devices and smart meters — all relaying millions of data points to centralised and often remote SCADA and ERP systems — it will become crucial to take a joined-up approach to industrial operations. Cue end-to-end digitalisation.

For many businesses, replacing hardware and software to allow functionality such as standardised Fieldbus communications, real-time cloud data, analytics and centralised control across every aspect of their operations is neither a cheap undertaking nor one that is quick to enact.

After all, most engineering plant managers have built up a complex system over many years, retrofitting new components and modules to existing equipment. This is driving the need for end-to-end digitalisation, moving away from fragmented system control, maintenance and upgrade towards a holistic approach that encompasses system-wide transparency, alarms and notifications, including analytics that can deliver actionable insights to improve process efficiency.

At Boulting Technology we’re helping our customers introduce cybersecurity measures to retrofitted equipment in existing industrial set-ups. Our range of control systems, networking products, intelligent motor control centres and more form an integrated system that gives engineers easy and secure access to their operation around the clock. Ultimately, end-to-end digitalisation will help companies respond to attacks and breaches in minutes rather than hours or days.

So, while we come to the realisation that cyberattacks are simply a normal part of doing business, take heed of your CISO’s advice and rethink your end-to-end digitalisation strategy.

The author of this blog is Robin Whitehead, managing director of systems integrator Boulting Technology
