As the figure suggests, there are many areas where people, process, and technology overlap between the IT and OT ecosystems―areas where respective strategies need to be in sync. The reality of these technologies and how they are used, however, is often markedly different. OT system-related investment decisions are often made on the factory floor by leaders within operations, with less involvement from corporate IT and security departments. This can lead to a myriad of different technologies, often with different security control capabilities, that will likely need to be integrated into and then managed using existing IT network infrastructures. Considering the speed with which some manufacturers have added technologies like cobots to meet physical distancing guidelines during the pandemic, there could be new risks from these efforts.
The convergence of IT and OT security can be a challenging task, since routine IT procedures, such as antivirus software updates or even patching, can lead to significant production disruptions, even potentially shutting down entire production lines. From the OT perspective, aspects of security can be overlooked when implementing advanced technologies and smart factory initiatives. Ongoing OT system security is not typically covered in the service-level agreements and contracts with system integrators and equipment vendors. Even when covered, these contracts rarely include statements for maintaining security controls, which by default makes it the responsibility of the business process owners. As a result, some large capital projects may omit any budget for ongoing security management of OT systems that could critically affect operations if they were targeted by an attack.
Beyond offering further insights relative to the IT and OT challenges inherent in smart manufacturing, the study offers a closer look at six smart factory use cases and their cyber profiles. Manufacturing leaders can learn more about each of these common use cases and their data types, owners, and potential entry points to help clarify threats and vulnerabilities and create a cyber risk mitigation strategy. With effective cyber risk management for smart factory initiatives, manufacturers can capitalize on the upside potential the Fourth Industrial Revolution brings and prevent themselves from becoming a victim of a future cyberattack.
Opinions expressed by contributing authors are their own.