Securing industrial systems in a digital world
Benjamin Dickinson A B and Daniel Wilkinson AA ABB Ltd, Byland Way, Billingham, Teesside, TS23 4EB, UK.
B Corresponding author. Email: Benjamin.dickinson@gb.abb.com
The APPEA Journal 59(2) 574-577 https://doi.org/10.1071/AJ18264
Accepted: 7 March 2019 Published: 17 June 2019
Abstract
Operational technology, largely industrial equipment, has become increasingly connected, and the integration of information technology components allows such devices to leverage software that drives data collection and analysis, resulting in enhanced performance and ultimately ‘smarter’ machines. With these benefits come vulnerabilities, including the possibility of malicious actors gaining access to critical assets through networks. The growing recognition of cybersecurity threats to critical infrastructure (e.g. oil, gas, chemicals, energy, water) has brought the topic into the spotlight. Further, regulatory requirements on these industries have increased. Standards and policies have been created in an attempt to address the rapid technological changes; however, it is still challenging for companies to implement needed processes and keep personnel up to date and aligned, given the pace of change. Designing products to be secured from cyberattack only became a topic of concern about a decade ago, and the prevailing sense at that time was that isolation (‘air gap’) and limited availability of technical knowledge (‘security by obscurity’) protected industrial control systems products. This false belief was quickly dismissed as wishful thinking after Stuxnet and vendors began to respond to customer demands for more secure products. However, with often heterogeneous equipment and life cycles counted in decades, it will take time for secure components to become the norm. In this extended abstract we share insights to enhance your understanding of how governance, technology and business requirements intersect, illustrate ways in which organisations can leverage digitalisation opportunities to manage increasing risks better and offer recommendations for organisations to improve their cybersecurity posture in a holistic and sustainable model.
Keywords: cybersecurity, industrial control systems.
Ben Dickinson has over a decade of experience helping clients secure their systems from the threat of cyberattacks. Ben has advised critical infrastructure operators in preparing for, detecting, responding and recovering from cyberattacks. Ben specialises in understanding the unique challenges posed by securing industrial automation and control systems. Ben is currently responsible for driving global strategy for cybersecurity services across the oil, gas and chemicals business unit. Ben holds a MSc in Computer Security from the University of Liverpool and has studied courses such as Assessing and Exploiting Control Systems by Justin Searle, SANS 515: Industrial Control System Active Defense and Incident Response by Robert Lee and Hardware Hacking by Grand Idea Studio. |
Daniel Wilkinson is a cyber analyst and an ABB cybersecurity graduate who graduated from Durham University with a BSc in Computer Science in 2018. Daniel is part of the ABB graduate program and is currently working the oil, gas and chemicals business in the UK. |
References
Ponemon Institute (2017). 2017 Cost of Data Breach Study. Ponemon Institute LLC. Available at: https://www.ponemon.org/blog/2017-cost-of-data-breach-study-united-states [verified 22 March 2019].Tehan, D. (2017). National Press Club address: silent dangers – launch of the Australian Cyber Security Centre’s 2017 threat report. Available at: https://ministers.pmc.gov.au/tehan/2017/npc-launch-australian-cyber-security-centre-2017-threat-report [verified 22 March 2019].
