IT Security | Production & Industry 4.0

Take the big-picture view to balance productivity and security

30 March 2021, Felix Zech

Many IT departments in the U.S. and the U.K. don’t, as yet, have to manage cybersecurity for operational technology (OT) environments, aka Industry 4.0 or IIoT. Compared to office computers and smartphones, devices like PC-based networked process control systems used in manufacturing may seem like they belong to a separate and almost exotic realm.

But as many IT admins managing company servers, WFH laptops and smartphones have discovered, IoT devices on users’ home networks pose cybersecurity challenges similar to those that OT systems do. Moreover, users are likely to keep on using their virtual assistants and internet-connected coffee makers, etc., whether or not they return to the office.

The point is, IT admins wrangling Windows and app patches and updates, and their colleagues managing OT devices, have to solve similar endpoint management problems. While practical considerations – like the timing of patch deployments – differ in each environment, the big-picture issues are remarkably alike.

For instance, it’s increasingly common for IT departments here in Germany to oversee OT security in addition to typical IT duties managing office computers and mobile devices. We recently worked with techconsult GmbH to look at the state of OT security. Their report (in German) unsurprisingly shows that the production infrastructures at companies of all sizes have been the victims of cyberattacks. What’s more concerning is that small- and medium-sized industrial companies especially lack essential cybersecurity practices and tools, meaning that attacks on production equipment may go unnoticed and create a false sense of security. The same could be said for office networks at many SMBs in the U.S. and the U.K.

What every company with either IT or OT networks needs is a comprehensive, big-picture approach to cybersecurity management with practices and tools capable of handling every network-connected device from PCs and smartphones to pumps and process controllers. Doing so will clarify the practical issues that IT/OT teams have to tackle and how your company manages overall SecOps.

Safety vs. Productivity? Yes and no!

One of the bigger issues is the impact that security practices can have on user productivity and/or manufacturing. Very strict protocols can deliver high degrees of security but interfere with user or production line productivity. Striking the right balance is a tricky and constantly shifting challenge. It’s also increasingly important given the rising frequency and sophistication of cybersecurity attacks.

On the office side, every user wants to get their work done well and efficiently without security requirements getting in the way. That seems simple enough, but the devil is in the details. For example, many workers in Germany usually start their workday like this:

  • Power up or wake up the PC
  • Enter the BitLocker PIN 
  • Wait for boot up to complete
  • Enter their password, which must meet the required combination of upper- and lowercase letters, numbers, special characters, and minimum length

That’s followed by loading the user profile and network and system resources matching their access rights. Then they wait as the software updates that IT deployed overnight are completed with restarts and/or installations, hopefully without trouble. From an IT POV, all of that is necessary and not a big deal in the scheme of things. But it does have an impact on productivity and the overall user experience. 

On the OT production side the balance is even more delicate. Patching PC-based process controllers overnight might mean taking all or part of a production line down and hoping there are no issues with the deployment that could affect upstream suppliers or downstream customers. 

The question on either the IT or OT side is this: can you relax security processes to make things easier and maintain user productivity or production output? The answer is a combination of “Sure!” and “Absolutely not!”

There’s no silver bullet or magic formula for achieving the right balance. However, what’s critical is getting the right mix of processes and tools that enables a comprehensive approach encompassing both IT and OT. Modern UEM solutions like ours offer a reliable balance between productivity and security for both IT security and OT security within an integrated and consistent single-pane-of-glass admin architecture. We’ve designed that big-picture approach into our UEM system to make it possible to strike the balance between productivity and security that every company needs.

From mobile working to intellectual property protection

In addition, changed ways of working also play an important role today, from working from home to the mobile integration of field staff. So how do I, as a company, provide my employees with secure technical support even under such “remote” conditions?

If all of these mechanisms are missing, the productivity seemingly gained through less security administration is at the greatest possible risk. That unblocked malware paralyzes entire IT infrastructures for days and weeks has sadly long ceased to be theory and is instead everyday reality for SecOps; just think of WannaCry, NotPetya and other attacks.

The same applies to the theft of confidential data and intellectual property. That endangers the entire company. It is therefore obvious that today's companies, often networked in highly complex ways, need particularly intelligent measures to minimize these and many other risks. So is it best to issue strict directives to all employees that all email attachments must be deleted, all links in emails removed, and emails sent and received only as plain text? Well, that corresponds to a state that might still have sufficed at the end of the 1980s or the beginning of the 1990s.

Today, companies must instead think about how they can ensure sufficient security at all levels while their users can still work largely without interruptions or restrictions. Modern software like our solutions for IT security and OT security makes exactly that possible and offers a reliable balance between undisturbed productivity and the highest security. With today's options, companies really no longer need to fear the risky balancing act between these two poles.
