-
Global
-
Africa
-
Asia Pacific
-
Europe
-
Latin America
-
Middle East
-
North America
- |
- BUSINESSES
- |
- Contact
- |
-
Global
-
Africa
-
Asia Pacific
-
Europe
-
Latin America
-
Middle East
-
North America
- |
- BUSINESSES
- |
- Contact
- |
You are browsing the product catalog for
- News
- Operational Technology (OT) Cybersecurity Risks: Could That Really Happen?
Operational Technology (OT) Cybersecurity Risks: Could That Really Happen?
Why cybersecurity should be an extension of safety education for industrial sites
What does operational technology (OT) cyber risk really mean? OT cybersecurity risk refers to the threats and vulnerabilities connected with the use of technology in industrial control systems and operational processes.
There's an established tenant in OT cybersecurity called “defense in depth” which is the strategy of using multiple, layered measures to protect an organization’s assets. However, this can’t be a one-and-done process. The measures put in place must be continuously improved because the OT threat landscape changes constantly – and what isn’t a concern today, could be one tomorrow.
Cyberattacks on Industrial Control Systems: Physical Damage Through Digital Methods
About 15 years ago, industrial cybersecurity was nascently being discussed; however, it wasn’t called “OT cybersecurity” because operational technology wasn’t a term yet in existence. The phrase operational technology came about from a need to differentiate OT and IT environments – particularly as it related to cybersecurity.
IT cybersecurity deals with information security such as intellectual property or financial data, and a breach in that area can cause a terrible impact. But when it comes to consequence, OT cybersecurity has more at stake because it can cause changes in our physical world. Imagine if a critical infrastructure was taken down and brought offline – water, electricity or other energy sources – major disruption would occur.
An example from recent history is the Colonial Pipeline, which runs 5,500 miles from Texas to New York, transporting about 45% of the East Coast’s fuel supplies and servicing multiple airports. A 2021 cyberattack caused the industrial control system to be taken offline for a week and caused a painful impact to the U.S. East Coast, resulting in fuel shortages, inflated prices, panic buying, and long lines at the pump.
In more general terms, with OT disruption there can be a real business impact as well as the potential to cause harm. It could be an error that decreases yields if production is halted, or it could impact quality if something is altered. The biggest risk would be some longer lasting consequence – something that could cause physical damage to the environment, or even people.
The Constantly Changing Landscape of OT Cyber Threats
One of the reasons a continuous journey is stressed in OT cybersecurity is because there is never a time when an enterprise’s “defense in depth” will end, and the process considered complete. In your OT cybersecurity journey, you need to know where you currently are, what your next steps are, where you ultimately need to be – and then repeat the cycle.
If you’re just getting started with OT cybersecurity for your industrial organization, you would probably focus on where the vulnerabilities are, what systems need to be changed, and when that change can happen in terms of things being on process or off process. It may sound like there's a lot of complexity involved around this, but that’s why the Honeywell Forge team is here – to take the complexity off your shoulders.
When you’re a little further on in the journey, with an already improved security posture, that's when you need to think, “How can I make it even more difficult for an attacker to succeed?”
Or, if you think you're protected and everything's good, schedule a penetration (pen) test or a red team/blue team exercise to see if you’re as secure as you think you are – and then find ways to make yourself a little bit more secure. There’s never going to be an OT cybersecurity box to check that says, “we’re done.”
Also, remember that cybersecurity isn’t just about implementing new technologies. Awareness and training play a huge role, and cybersecurity should be an extension of safety education. Site safety is incredibly important in the industrial industry, but cybersecurity – which is a form of safety – hasn't reached the same awareness level. The act of inserting a USB thumb drive into a computing platform in an industrial control environment should provoke the same response as walking into a hard hat area without a hard hat on: Don’t do it.
OT Cybersecurity: Take the Next Step Now
Whatever stage of the journey you're on, Honeywell is here to help. We have dedicated cybersecurity professionals around the globe focused on industrial cybersecurity – highly trained, skilled people who are ready to help with your OT cybersecurity journey.
Learn more about how we can partner with your organization to shape your OT cybersecurity future.
Copyright © 2024 Honeywell International Inc.