“As the manufacturing industry continues to grow rapidly, its evolution, driven by the Internet of Things, creates intelligent networks that are connecting machines, work, and systems. That demand secure intelligence to sustain the autonomous exchange of information, trigger actions and control each other independently,” says Imran Chaudhrey, Country Manager – East Africa, Fortinet.
Considering that manufacturing organisations manage expensive and sophisticated equipment, Chaudhrey during the premier East Africa Industry 4.0 Forum stressed the need for manufacturers to invest in cyber resilience to secure the enterprises from possible cyber threats to physical safety, and in some cases, national security.
In a rapidly evolving marketplace that demands just-in-time production, manufacturers cannot afford to be slowed down by cybersecurity events—or by efforts to prevent them.
According to Chaudhrey, companies strive to secure their systems while maintaining business imperatives like operational efficiency, continuity of operations, product integrity, and compliance.
During the high-level discussion session organised by CIO East Africa, that brought together the manufacturing and ICT industry champions ranging from; policymakers, the industry regulators, and the leadership of the Africa Telecommunications Union, Chaudhrey noted that the Fortinet Security Fabric provides a broad, integrated, and automated security architecture that covers all aspects of the manufacturing business – from the back office to the manufacturing floor, from air-gapped systems to connected ones, from internal users to third-party partners.
Connected manufacturing systems
As digital transformation and the need for business agility create increasing co-dependence between IT and OT, Chaudhrey asserts that OT systems are increasingly less isolated. This from industrial IoT sensors that monitor manufacturing operations to systems that pull publicly available data from the internet to facilitate decision-making. From a cybersecurity perspective, the main result of this convergence is a greatly expanded attack surface. And since OT systems often are not patched consistently, weakening cybersecurity protection, this presents a risk to an organisation in the short term.
But if cybersecurity issues can be resolved, the potential is great for combining IT and automation networks into a single, secure, manageable, and converged environment. Cybersecurity teams must have centralised visibility into all systems, the ability to segment the networks according to business need and centralised control of both wired and wireless networks.
Meeting the needs of the next-generation enterprise calls for manufacturers to sustain productivity and uptime. Any unplanned interruption in operations can incur significant costs to a manufacturer, and the outage can create problems that cascade down distribution channels and up the supply chain. Unfortunately, many cyberattacks on manufacturers aim to cause just such a disruption. Others seek to move laterally within the network once they get in, but the attack can still have an impact on operations said Chaudhrey.
Plant, worker, and community safety
In the current threat landscape, adversaries aiming to disrupt operations with a cyber-physical attack can create safety-risk for onsite employees and even nearby residents. In addition, attacks can affect the safety of products produced at a factory, extending the risk over a vast geography.
During the forum that drew CEOs, CIOs, CFOs, Chief Product Officers, Chaudhrey stated that siloed security operations resulting from a lack of integration between different security tools inevitably increases operational inefficiencies. Without integration, manual tasks such as correlating log reports from different systems and assembling compliance
reports waste the time of highly paid cybersecurity professionals and distract from
more strategic work.
Architectural silos also create redundancies in the management of applications.
A plethora of point products require a more significant set of specific product skills to be represented on an overworked cybersecurity team. They can also result in higher software and hardware licensing costs—and the staff time to administer the multiple licenses. These factors can significantly increase the overall operational expenses.
Manufacturers are adopting cloud-based services at a rapid clip.16 Many now have cloud-based manufacturing resource planning (MRP) and enterprise resource planning (ERP) systems. These systems often pull data from both IT and OT systems for quick and effective decision-making, a process called digital twinning. Cloud-based solutions are also routinely used for services that impact customer experience.
Protecting cybersecurity for these assets is critical, meaning that an organisation’s integrated cybersecurity architecture must extend from the data centre to OT systems to multiple clouds.