Edited by Eamonn Ryan
The following presentation was delivered at the 2023 GCCA Cold Chain Conference in Cape Town, by cybersecurity expert and 30-year veteran Charl van Niekerk, CEO of 2TS, on the topic ‘Industrial Systems, the New Frontier for Cyber Attacks’. This is Part 2 of a three-part series.
So why is this relatively simple scenario becoming the new frontier for hackers?
Companies’ aging technology within industrial systems is a significant vulnerability. As the fourth industrial revolution unfolds and the pandemic accelerated digital transformation, the once-isolated networks of industrial systems become more interconnected. The convergence of old technologies with new threats posed a daunting challenge, making industrial systems a new frontier for cyber attackers.
Businesses need to recognise the evolving threat landscape and prioritise robust cybersecurity measures for their industrial systems. As these systems become more interconnected, the need for a proactive and specialised approach to cybersecurity becomes paramount. The lessons learned from the healthcare /cancer analogy underscored the importance of early detection and prevention in safeguarding the health and vitality of industrial infrastructures.
Seismic shifts have occurred in recent years, transforming the cybersecurity landscape for industrial systems. Remote work, once deemed inconsequential in these environments, has become a reality. The convergence of IT and OT has further complicated the cybersecurity dynamics, creating new vulnerabilities.
What has had a profound impact is remote access on industrial systems. The traditional belief that these systems were secure due to their isolation from external networks has been shattered. Remote work has provided a gateway for cyber threats, altering the dynamics of industrial environments and exposing them to potential breaches. Hackers have cottoned on to the ease of hacking into OT systems, and that this in turn may be an alternative route to hack into a company’s IT system.
Technological advancements within industrial systems have been in the direction of specialisation and infrequency of updates in these environments. Unlike the continuously evolving landscape of IT, OT devices, such as those in cold storage facilities or warehouses, are often designed without robust security considerations.
IoT as an entry point for cyber threats
There is an increased use of Internet of Things (IoT) devices in industrial settings. While these devices contribute to enhanced efficiency and productivity, they simultaneously serve as potential entry points for cyber threats. The aging nature of these systems and the lack of consistent security updates make them attractive targets for hackers seeking vulnerabilities.
It is therefore critically important to monitor any deviations within the industrial environment. The ability to detect anomalies early on and respond promptly is crucial to mitigating potential damage. The top ten vulnerabilities within industrial systems range from unauthorised access to outdated security protocols.
Key trends in the industry aim at mitigating cyber threats given the escalating sophistication of cyber-attacks and the need for increased vigilance. These trends include the heightened focus on OT cybersecurity, the merging of responsibilities between COOs and CIOs for industrial and IT security, and the pressing need for regulatory compliance to address vulnerabilities effectively.
There have been instances where devices within industrial systems were exploited to compromise entire operations in an environment of vulnerability of critical systems, such as those governing temperature in cold storage facilities. The potential for a single cyber-attack to cripple entire operations – such as an entire warehouse – is all too real because they regard such targets as ‘low hanging fruit’. The challenges are formidable, but with strategic planning, vigilance, and investment in specialised cybersecurity measures, businesses can fortify their defenses against the silent killer lurking in the digital shadows.