The threats from tech advancements
Each year leads to new, exciting, and innovative advancements in technology. Recently, we have seen the rise of Robotic Process Automation (RPA), Artificial Intelligence (AI) and the rapid onset of IoT (internet of things) – all aiming to make our lives easier through devices and automation, says Andy Stevens, business director, Nouveau Solutions.
In fact, for many years, automated technology has been widely used in both critical infrastructure and industrial operations, such as major plants (water and sewage treatment), factories, warehousing, as well as logistics, steering and stabilising ships and aircraft. It is also deployed for switching in telephone networks, traffic light systems and many other applications. And, all with minimal human intervention, but as cyber-crime is increasing year on year what are the potential threats to these critical systems?
Nouveau recognises that the increasing complexity of networks in businesses is driving the convergence between Operational IT (OT), which is the hardware and software that detects or causes a change, typically in industrial equipment, assets, processes and events, with Information Technology (IT) that characteristically involves interaction with people, processes and the capture of data and use of information.
Previously coexisting the dawn of the Industrial Internet of Things (IIoT) blending with network sensors and software associated with complex physical machinery is just one of the ways in which the space between OT and IT is rapidly disappearing. Optimised business processes, better information for clearer decision-making, reduced costs and lower risks are all benefits to the merging of these two worlds. Yet, as the gap closes it is also exposing previously inaccessible systems and critical infrastructure to the potential of being hacked by terrorists or cyber criminals.
Stevens said: “Many industrial devices and controllers in OT have been deployed for decades and although functioning well are typically sitting on early versions of old operating systems that are no longer supported and are open to vulnerabilities. Nouveau is able to offer security consultancy based on decades of experience and in-depth knowledge.”
He added: “A lot of these old automated controls are not always being addressed for security measures as the people working in this part of the organisation are generally more focused on the delivery of the services that they’re providing rather than the secure aspects of it.
Nouveau is now part of a larger group, one of the other companies within the group works with automation and controls and this has enabled us to identify different levels of threats and identify gaps within automation protocols.”
Nouveau helps companies to have a greater visibility to gain awareness of any device, anywhere on the network and to determine the degree of trust. It then needs to be continuously monitored to maintain a level of trust. Network segmentation and micro segmentation provide a layered and levelled approach with zones of control, while quarantine and sandboxing prevent threats before they can act. Continuous analysis of behaviours helps teams learn more by gathering intelligence about known and unknown threats. Through a central security platform, Nouveau is able to monitor logs, events, reporting and analytics allowing the team to evaluate activity collected across the system to identify and then eliminate threats.
Earlier this year ransomware halted production for days at parts manufacturer ASCO, one of the world’s largest suppliers of airplane parts. The company had to cease production in factories across four countries due to a ransomware infection reported at its plant in Zaventem, Belgium.
“At Nouveau we know that IT security and compliance are crucial areas of business that will demand even greater awareness and constant proactive security management as these two worlds meet. Security threats are becoming more complex, constant, sophisticated and difficult to detect. The convergence of OT and IT to support the way many organisations need to operate means that security has never been so vital,” warns Stevens.
Nouveau Solutions is a specialist IT managed services company with a strategic focus on delivering cloud, infrastructure, compliance, network and security solutions throughout any business. With in-depth knowledge and experience of the seven levels of security required, Nouveau can help to deploy a robust, yet flexible, managed IT security policy that safeguards your operational assets as well as your IT systems and data.
