Passer au contenu principal

Cybersecurity in the Age of Industry 4.0: Operational Technologies at the Forefront

As part of the Engineering Meetings, Genium 360 presented its first webinar in a series of three, all dedicated to the cyber protection of operational technologies (OT). The guest on October 19, Neila Zerguini, senior cybersecurity director at Deloitte, provided an overview of the challenges facing organizations and proposed several avenues to counter the growing threat. Here is an account of the meeting moderated by Nicolas Duguay, In-Sec-M, which was attended by more than 250 participants. Industrial revolution 4.0

We are currently witnessing a fourth industrial revolution. Manufacturing processes, networks, infrastructure or factories are increasingly interconnected. The digitalization of technology brings a host of benefits, including lowering production costs or speeding up the turnaround time for goods and services.

With this new efficiency, however, comes a greater vulnerability to cyber attacks. Neila Zerguini underlines that “many of our critical infrastructures are based on operational technologies”. Sectors essential to the functioning of cities and communities, such as energy, water treatment, building management, transport, retail, pharmaceuticals or healthcare, are ideal targets.

Convergence between IT and TO

This context increasingly brings together operational technologies and information technologies (IT). Previously completely isolated, they now exchange huge streams of data. As criminals increasingly target industrial companies, the transition within organizations raises major challenges:

  • Misunderstanding of threats within TO teams
  • Difficulty estimating the impact of an attack
  • Expensive upgrades
  • Divergence in culture, governance, training or language between IT and TO

What do cyber attacks look like?

“Whether the attacks are carried out by inexperienced hackers, malicious employees or by very structured networks, you have to know how to prepare and face the risk,” says Ms. Zerguini. Attacks take various forms; sometimes very sophisticated, like the case of Stuxnet in Iran, or sometimes very simple, like the famous blackout that plunged Kenya into darkness in 2016, after a monkey fell into a transformer.

Risk mitigation

For the engineers of tomorrow, optimal integration of IT and TO will lead to more efficient production, improve occupational health and safety, promote remote monitoring and generate greater sustainability.

In the face of more and more sophisticated cyber attacks, the best way to protect yourself, Zerguini says, is to be the wrong target. Starting now, organizations should:

  • define risk management governance
  • secure their systems (and those of third-party providers)
  • remain vigilant (understand and predict the phenomenon, defend yourself)
  • prepare for their resilience (minimize the impact on the industry, get back to work quickly)

To find out more, here are Ms. Zerguini’s suggestions:

Podcast: Darknet Diaries, episode 29.

Reading: Countdown to Zero Day, by Kim Zetter.

Read more on the subject:

How to collaborate with NATO?