The evolving role of the CISCO

Published:  28 February, 2019

It's a simple fact that data makes the modern economy turn. Being the first business to act on insights gained from pivotal pieces of information gives businesses a distinct competitive advantage. However, it's also quickly becoming a fact that the same data is being targeted by skilled cybercriminals intent on causing damage to infrastructure. Robin Whitehead (pictured), managing director of systems integrator Boulting Technology, explains how this is impacting the role of the chief information security officer (CISO) and resulting in the need for end-to-end digitalisation.

With the world facing sophisticated attacks such as the likes of WannaCry, Petya and NotPetya in 2017, cyber threats are the biggest modern technological fear. Although sectors such as financial services are most at risk, there have also been numerous high-profile attacks on utilities, oil and gas and food manufacturing environments in recent years.

On 27 June 2017, confectionary manufacturer Cadbury was hit by a cyber attack, which halted production at its Hobart factory in Australia. Computers were infected with the Petya ransomware virus and displayed a message on the screen demanding payment in crypto currency.

Later that same day, NotPetya — a variant of the Petya virus — further damaged facilities across Europe. NotPetya exploits a backdoor in the update system of a Ukrainian tax-preparation programme running on Windows and used by around 80 per cent of all Ukrainian businesses.

The new CISO

It should come as no surprise then that the advice of IT and security experts is now being sought at the highest levels of business. The role of the chief information security officer (CISO) is also changing in response. Acting as the head of IT security, the CISO has traditionally been responsible for things like operational compliance and adherence to ISO standards as well as performing IT security risk assessments and ensuring that the business is using the latest technologies.

Increasingly, the CISO must also drive IT security and strategy, guiding everyone from the shop-floor staff to the most senior officials on how best to prevent cyber attacks. The modern CISO now takes a seat at the boardroom table, ensuring business continuity, come what may.

End-to-end digitalisation

For industrial businesses, this change cannot come soon enough. The desire to integrate manufacturing networks with the outside world and the increased use of smart data is driving efficiencies in sectors from food and beverage, and automotive to utilities. At the same time, it's also leaving them vulnerable to attacks that can lead to extended periods of downtime.

Part of the reason for this is that many businesses have traditionally operated in silos, with information technology (IT) and operational technology (OT) experts not historically well aligned to the same objectives and outcomes. However, as we increasingly use more internet-connected devices such as PLCs, HMIs, intelligent motor control centres and smart meters — all relaying millions of data points to centralised and often remote SCADA and ERP systems — it will become crucial to take a joined-up approach to industrial operations. Cue end-to-end digitalisation.

For many businesses, replacing hardware and software to allow functionality such as real-time cloud data, analytics and centralised control across every aspect of their operations is neither a cheap nor fast-acting undertaking.

After all, most plant managers have built up a complex system over many years, retrofitting new components and modules to existing equipment. This is driving the need for end-to-end digitalisation, moving away from fragmented system control, maintenance and upgrade towards a holistic approach that encompasses system-wide analytics that can deliver actionable insights to improve process efficiency.

So, while we come to the realisation that cyber attacks are simply a normal part of doing business, take heed of your CISO's advice and rethink your end-to-end digitalisation strategy.

For further information please visit:

www.boultingtechnology.co.uk

Sign up for the PWE newsletter

Latest issue

To view a digital copy of the latest issue of Plant & Works Engineering, click here.

View the past issue archive here.

To subscribe to the journal please click here.

Poll

"How is your manufacturing business preparing for a net Zero target?"






Twitter

Events Diary