Industry 4.0 may have given the shop floor a facelift, but it has also ushered in some rainy days for industrial systems security. The once traditional and siloed operations inside a manufacturing organization are now not only interconnected, but also connected to external networks.
Technologies under the umbrella of Industry 4.0 – big data analytics, internet of things (IoT), cloud computing, sensors, artificial intelligence (AI), additive manufacturing, mobile devices, etc. – are drawing the attention of cyber criminals and changing the board’s agenda. Corporates have become wary of attacks on industrial control systems (ICS), where design rigidities could lead to cyber-attacks.
In an interaction with CSOOnline, S Srikanth, senior manager of information security at TVS Motor Company, shares thoughts on the threat factors that are plaguing the shop floor. An industry veteran with over 25 years of experience, he talks about the changing CISO–C-Suite dynamic and is positive that user awareness and emerging tech can tackle rising threats.
What are the top challenges security leaders in the manufacturing sector are facing today?
Awareness is the main challenge. With IoT and everything going digital, there is a plethora of information security risks. And it is only the beginning of IoT in the industry. Protection has to be ramped up in the digital area, along with awareness of newer emerging threats.
What security strategies are needed to secure the shop floor in the face of rampant threats?
It is important to classify access and controls for internal and external usage. For operation level systems, external access should be restricted. And at business level, systems must be protected with multiple security layers.
At TVS, we have implemented a robust framework, which is compliant with the latest ISO standards. This, coupled with a 4-layered security strategy, identity and access management, threat intelligence, and vulnerability and penetration testing, are the main pillars of our organizational security.
What are the new responsibilities in your role at the company? Does it include more interaction with the C-suite than before?
Today, when a visitor enters the factory, the security team is responsible for constantly monitoring it physically and otherwise. We have MDM solutions in place where we block all the camera mobiles inside the premises. We have risk assessment in each department and every development has a testing phase before we implement it. All of these decisions are taken after discussions with top management. So yes, there is regular interaction with the business stakeholders, and it’s a good thing.
How has the CISO’s role changed when we talk about Industry 4.0?
There were a lot of attacks on the industry last year. Ransomware, attacks on ICS and others – the CISO’s role has been highly focused on newer attacks. Security leaders are strengthening defenses by adding more tools to monitor, protect and respond. Framework changes and the need to create user awareness have changed the security leaders’ agenda.
In the present scenario, what would you say to your peers in terms of their cybersecurity posture?
People need to understand the business and reputational impact of a data breach. It is imperative to be aware of the latest technologies in the security space. Learn, implement and adapt. Threats will always be there, but if you’re armed with the latest tech, it’ll make your job much easier.