I recently attended the 28th Annual ARC Industry Leadership Forum. For three days, industry thought leaders convened in Orlando to discuss the growing risk of cybersecurity threats to manufacturing and industrial operations amidst increased investment in digital technologies and growing demands to create data visibility across OT and IT.
Here are my three important takeaways from the event:
The landscape of operational security is fraught with growing challenges, according to ARC Advisory Group. Ransomware attacks and escalating political tensions are heightening the threats of both operational disruptions and safety incidents. Moreover, the implementation of new regulations is intensifying compliance requirements worldwide, with significant fines for non-compliance, including increased management responsibility. As digitalization advances, ushering in IoT devices, edge solutions, and interconnected workforces, a whole new realm of cyber risks emerges, expanding the attack surface and necessitating heightened vigilance.
The recent cyber incidents involving Norsk Hydro and WestRock underscore the dire consequences of ransomware attacks on industrial networks. Norsk Hydro's ICS network fell victim to such an attack, with $70M in losses reported in their earnings report, highlighting the financial vulnerability in the face of such threats. Similarly, WestRock experienced production outages across a segment of their network due to a ransomware attack, resulting in the loss of a substantial 85,000 tons of product. These incidents serve as stark reminders that the costs of cybersecurity breaches are profound, whether it's the expense of fortifying defenses or the toll exacted by the aftermath of an attack.
In navigating the complex landscape of cybersecurity, organizations must prioritize three key pillars: people, process, and technology. Firstly, execution demands the seamless integration of IT and OT cybersecurity programs, recognizing the interconnectedness of digital systems. Secondly, effective governance and leadership are imperative, with the Chief Information Security Officer (CISO) taking oversight of security not only across corporate systems but also within operating facilities, ensuring a unified approach to risk management. Lastly, fostering a culture where cybersecurity is ingrained as everyone's responsibility is paramount, creating an environment where employees feel empowered to report incidents without fear of repercussions, thereby strengthening the organization's overall resilience against evolving threats.
PTC and Kepware are committed to helping our customers navigate the evolving threat landscape, securing aspects of their industrial control networks, and using best practices to ensure the connectivity provided can secure connections between operations and enterprise networks. For more on this topic, read our blog on how Kepware enables strategies for effective cybersecurity automation.