The State of OT Cyber Security

Productivity gains in the industrial sector have shrunk to 1% over the past several years. Every ounce of benefit from lean manufacturing and Six Sigma has been realized. Industrial companies are turning increasingly to digital investments to find new levels of productivity, production, and profit. As investment in digital transformation grows, so does the increased risk of cyber security incidents.

GE Digital spoke with Sivakumar (Siva) Narayanaswamy, Research Manager at Frost & Sullivan, to discuss key trends in the IIoT and how companies should approach cyber security to gain the most from their digital investments.

GE Digital: What trends are you seeing in Industrial Internet of Things (IIoT) adoption — are industries largely in ’test’ mode, or are we beginning to see broader rollout of IIoT, or somewhere else in the adoption cycle?

Sivakumar: Frost & Sullivan research highlights that the opportunity presented by the Internet of Things (IoT) in industrial manufacturing, including heavy industries, is becoming more beneficial to organizations as the technologies available to them continue to mature. The adoption of IoT in the industrial manufacturing sector, better known as the Industrial Internet of Things (IIoT), has led to improved automation in production management and greater transparency in the supply chain.

However, Frost & Sullivan research that includes focus groups in the U.S. and Europe, indicates that while Tier 1 companies are better positioned to invest in new technologies beneficial to smart manufacturing, Tier 2 and 3 companies (small and medium enterprises) are more concerned with the ROI of their technology investments. This means they are willing to wait to adopt the technologies that drive IIoT to mature, when they can afford to invest. The future development of IIoT requires synergetic efforts from all three stakeholders (solution providers, end-users and policy makers) to boost reliability and deliver massive societal benefits. Such collaborative efforts could result in wider awareness among end users about the immense potential of IIoT and ultimately lead to higher demand for new services. IIoT requires the analytical talent of data scientists. However, most research participants agree that current educational offerings are not up to this challenge.

GED: Which industries are further along the digital transformation journey?

Siva: The use of analytics and technologies to better understand assets and customer behavior is changing businesses. The real time data availability and the decisions drawn from them have enabled companies to leapfrog their competition. But, quite often, industry leaders consider digital transformation to be a disruption rather than an industry driver when it comes to achieving improvement in operational efficiency.

The adoption of digital technologies to automate work and derive the plethora of benefits is determined by the affordability, leadership, governance (organization structure), and business models that a company adopts. Primarily, adoption of digital technologies is also found to be different based on company size. The cost of adopting the digital technologies becomes a primary factor for small and mid-sized companies. Implementing  “cutting-edge digital platforms” in many cases is cost prohibitive and the ROI is a primary question from this segment.

Frost & Sullivan research highlights that discrete industries, particularly semiconductor, IT manufacturing, and food & beverage, have tested and adopted IIoT on the shop floor. The process industry, such as energy organizations, particularly oil and gas, are also in a prime position to benefit from IIoT. Digital Oil Fields, conceptualized a couple of decades ago, are now becoming a reality, driven by the sector’s need to improve production reliability and efficiency. There are, however, security and affordability concerns that must be addressed.

GED: With the promise of benefits from the IIoT, what should companies be thinking about to protect against the threat of a cyber-incident (common mistakes industries make, or things they overlook, or areas that need greater attention)?

Siva: With an eye on the future, contemporary industrial control systems are pushed to operate in tandem with other business systems (IT systems) rather than in silos.  To achieve this, companies must move beyond connecting solely to instrumentation/control networks, and leverage additional networks such as corporate networks and the Internet. Connecting to the Internet and other connected devices increases system vulnerabilities and calls attention to the need for company-wide cyber security policies.

Cyber security is often overlooked, as the overall losses involved are small when compared to the revenue made. The perceived benefits and ROI cannot be quantified, making it difficult for companies to invest in cyber security solutions.

However, in critical infrastructure industries, the awareness and investments are slowly on the rise due to the influx of regulatory compliance requirements. Critical infrastructure industries, such as power, oil and gas, and chemicals, have been at the forefront of creating awareness regarding cyber security implications. As a majority of  industries move toward the implementation of smart systems and processes, cyber security will have to transition into an in-built solution rather than an add-on feature.