Just as kids in the higher grades know more than their younger classmates, business and mainstream computing have been digitized, networked and subject to cyber-threats longer than their plant-floor and industrial counterparts. Because they have more experience dealing with cyber security, information technology (IT) departments also have more knowledge than their operations technology (OT) counterparts about how to protect against probes, intrusions and attacks—even though compromised credit card numbers or stolen intellectual property aren't as serious as hijacked, damaged or destroyed process systems and injured or killed personnel. The good news is that OT is catching up by using more IT-style tools.
"In the age of pneumatics, there was less accuracy, limited access to data and few security risks, but in the age of electronics, we've had increased accuracy and data access along with increasing security risks," says Keith Dicharry, process control and automation director at BASF North America in Florham Park, N.J. "And now, with today's digital technology explosion, we have floods of available data and ever increasing accuracy and verification, but increasing risks to the security and safety of our assets and to our ability to limit access to mission-critical data.
"Remote access and remote control have become real, but this has meant open portals, limited restrictions and increased access. We have more accessibility for better collaboration, but this means everyone has a key. We've gained new ways to improve efficiencies, but now data floods across the Internet and intranets. We do a layered, defense-in-depth cyber security strategy, nothing is ever 100% secure, and so we need to take all our data sources and pathways, and use effective automation to make them more secure and reliable."