IT-OT convergence poses unique cyber threats to industrial organisations
By Dilip Sawhney
Modernising cyber security systems is a key requirement for organisations taking significant strides towards smart operations. Other than financial and reputational loss, cyber-attacks can have an ESG (environmental, social and governance) impact. According to a report by Ponemon Research Institute and IBM, Indian firms lost around Rs 176 million to data breaches in FY2021-22, a 25% and 6.6% increase from FY20 and FY21, respectively. A Kaspersky survey finds that oil and gas, energy, chemicals, and consumer goods manufacturing industries are especially likely to be affected by the rise in incidents. As companies increasingly aim to boost smart manufacturing, a meticulous cybersecurity policy and its robust implementation should take a front seat, especially in critical infrastructure and manufacturing industries where the threat is considerably high.
In an increasingly interconnected world, reliance on OT systems has expanded exponentially. These industrial systems underpin essential infrastructure, manufacturing processes, and transportation networks. At the same time, these systems are vulnerable to cyber threats that can have devastating consequences. And, as OT/integrated control systems (ICS) are integrated into enterprise IT networks, the line between digital and physical infrastructure continues to blur. Whether an organisation makes cookies or cars, assets are constantly being added to the network, which only expands an already dynamic attack surface. The 2023 research study by Cyentia Institute highlights rising risks to critical infrastructure and the vulnerability of OT/ICS systems. The report found phishing to be the most prevalent attack method and the energy sector the most intensely targeted by cybercriminals.
Organisations in manufacturing and critical infrastructure sectors also face supply chain vulnerabilities. These companies rely on numerous interconnected components and systems, and securing each point of contact can be cumbersome. Many companies, especially small and medium-sized businesses, face resource constraints when it comes to investing in cybersecurity tools and expertise. A skill gap in planning and implementation also remains a challenge in implementing advanced security measures: according to a study by TeamLease Digital, there were 40,000 opportunities for cybersecurity professionals in May 2023 which remained unfulfilled due to a high 30% skill gap.
Thwarting cyber threats remains a top obstacle and a pressing concern for smart manufacturing initiatives. However, a host of reasons make implementing cybersecurity measures a challenge. The biggest is possibly the high share of legacy systems, especially in the government and healthcare sectors. It is difficult to secure such systems due to their outdated nature since they are often not compatible with the continuous improvements happening in the cybersecurity ecosystem and receive limited support. As organisations keep adding hardware and software to their legacy equipment in plants, they struggle to manage and secure these assets from pervasive cyberattacks. The industry is currently facing severe shortages in both expertise and resources, which are necessary for implementing and overseeing cybersecurity programmes involving operational technology.
While organisations largely employ measures such as access control through two-factor authentication (TFA) and strong password policies for the Industrial Internet of Things (IIoT), firewalls and intrusion detection/prevention systems (IDS/IPS), few have expanded coverage through stringent vendor and third-party security checks or deployed a modern, 360-degree strategy such as Zero Trust Architecture.
In a world where it is almost impossible to eliminate all risks, a proactive approach to cybersecurity comprising the following is important for digitalised critical infrastructure organisations.
Zero Trust Architecture (ZTA): Establishing a zero-trust architecture based on the ‘Never Trust, Always Verify’ principle is the most efficient OT security model to address this. ZTA can be achieved by implementing measures such as air-gapping (isolating a computer or network from unsecured/public networks), segmentation (adding a layer of physical security that cordons off a network from other networks) and shifting operations to the cloud.
Artificial Intelligence and Machine Learning: AI and ML decode large datasets in real time, identify patterns for anomaly detection and provide predictive analysis of threats. For a sector that has a substantial skill gap, AI and ML can help by providing a real-time understanding of assets’ vulnerabilities and augmenting existing risk management frameworks. For example, AI- and ML-powered supply chain risk management software can automate the processes of monitoring physical and digital environments.
Incident Response and Recovery Plan: Developing a robust incident response and recovery plan that outlines procedures for detecting, containing, and recovering from cyber incidents is important for rebounding. Rapid, well-orchestrated incident response capabilities are a must-have countermeasure to bolster organisational resilience against cyber threats.
Cybersecurity is not a choice but an imperative in today’s interconnected world, and it is time industrial organisations prioritised it. OT cybersecurity is not easy, and the risks associated with the convergence of OT and IT are real, but most breaches have known defences. Looking at cybersecurity as a human/people problem can bring fresh insights: poor awareness of what causes the problem, gaps in knowledge related to connected work floors, and an absence of guidance on best practices are some of the persistent concerns.
As India progresses towards becoming a smart manufacturing hub, it is crucial to address the vulnerabilities posed by cyber threats to critical infrastructure and manufacturing sectors. With a proactive approach and investment in advanced cybersecurity measures, involving people and processes alike, organisations can secure their future growth sustainably.
(The author is Managing Director, Rockwell Automation India. Views expressed are the author’s own.)