Your production environment up for grabs for cybercriminals?
Embrace industry 4.0 in a cyber-secure way
Have you got an IT & OT cyber policy? Congratulations! Then you belong to the lucky few: only 34% of Belgian industrial manufacturing companies invest in this. Why should you have an OT policy?
February 2021, the operating system of a water treatment plant in Florida (USA) was hacked. The hackers were able to manipulate the water chemically. The amount of sodium hydroxide was increased one hundred times by the hackers, thus poisening the water supply of the entire city. Fortunately, the water treatment company was able to detect and undo the manipulation immediately.
How can you protect your production systems against unwanted (digital) manipulation?
Does this ring a bell to you? Let us explain. IT stands for “Information Technology”. We use this term in office environments. OT stands for “Operational Technology”. This is the technology behind your production machines. Machines didn’t use to be connected to the internet. Nowadays, both machines and robots are connected to the company network, bringing IT and OT together.
Most companies have an IT policy (incident response plan and business continuity plan). But only 34% of the companies have an OT policy. Your company becomes a target due to connectivity, older operating systems and a non-existent OT policy.
None of your business? Some figures:
- 58% of Belgian manufacturing companies experienced some kind of OT security breach in the past year.
- 77% never tests its OT security.
- 35% works with PLCs over 10 years old.
- 48% never performs any updates.
Has the bell started to ring and would you like to learn more? Agoria and HoWest recently published a whitepaper on cybersecurity in the manufacturing industry: they carried out a study and discussed the survey’s results and recommendations for the industry.
Fortunately, you don't have to reinvent the wheel ... We find that many principles from crisis management can provide an initial solution.
3 tips!
OT? Creating awareness is the key to succes
This is true in all areas: food safety, workplace safety, IT, OT and many more. To better protect your company, you must first be aware of the potential risks.
Choose for an integrated approach
While IT and OT are not the same, managing risks in both domains requires an integrated approach. Assessing those risks, applying a cost-benefit analysis, evaluating the whole and adjusting policies accordingly are the logical steps in the process.
Invest in Incident Response Management
Despite your integrated approach, things can still go wrong. Don’t panic, you can use the knowledge which you have developed in various areas, because the principles are the same.
Food Security helps my company by:
Covering this Food Defense aspect during our next annual membership meeting on 30/9 from 4pm. Save the date!
Discussing the basic principles of crisis management, which can be applied in various fields, during our trainings (Level #1 crisis management, Food Defense, Crisis Management Awareness session ...)
Being the confidential point of contact for the food industry regarding security related questions and/or incidents.
Learning points
How is your company’s Food Defense?
Securing your residence is a given, but securing the workplace comes less naturally. Our practical experience at food companies confirms this.
First aid for consumer complaints
When receiving a sensitive consumer complaint, a swift response is key. Proper complaint management directly affects consumer confidence in your brand and products.
Guest article: Ransomware and the brewing process
A cyber crisis has long been a distant concern for many companies. Today, cybersecurity should be one of their top priorities. Every company is vulnerable, whether multinational...