Thailand’s manufacturing sector, vital for its national economy, took a significant hit from the pandemic. Hopes were buoyed as treatment, protocols and vaccinations started to take effect. Nonetheless, other geopolitical uncertainties have caused apprehension. Despite the uncertainties, industries are preparing for an economic recovery with technological advancements and hybrid work models in the past few years.

The rise of modern, smart devices in IT and OT has ushered in a convergence of systems as industries seek to automate, increase productivity, and accommodate the hybrid work model. However, although cyber-physical systems comprise the foundation of the critical infrastructure of industries, these also heighten security requirements.

The OpenGovLive! Virtual Breakfast Insight held on 26 May 2022 focused on the importance of automation and convergence of IT and OT systems in Thailand’s industries.

Keep the Machines Turning

Kicking off the session, Mohit Sagar, Group Managing Director & Editor-in-Chief acknowledges that the backbone of most industries or economies in the world is manufacturing. Without a doubt, the sector took a massive hit in the last two years because of COVID-19.

“And yes, automation came into play in a big, big way. But while we are automating things, and we are bringing in IoT and devices, to help us streamline our process, we are also creating lots of vulnerabilities,” Mohit warns.

People recognise simple things that they need to survive in the face of a massive threat. If individuals consider the threat – not just in terms of their personal plans – but also in the context of the entire supply chain, they realise that it takes only one link to break to cripple the entire supply chain.

Mohit acknowledges that there is a big gap between IT and OT; they are functioning almost as two separate entities, even under the same umbrella. To successfully progress, this dichotomy needs to be addressed in a meaningful way.

COVID-19 did happen – but machines must keep on turning. “People need to learn fast that if we work hard, and we work collectively, we can save ourselves,” Mohit emphasises. “But in doing so, we do not have to go on the journey alone. “

In conclusion, Mohit stresses the necessity of having the proper partners in place to safeguard a company’s entire IT and OT infrastructure. Experts can work in their space while organisation staff can concentrate on their key tasks.  In this way, not only will there be business continuity, but the output will increase rather than slow down.

Securing Cyber-Physical Systems and the XIoT

Vijay Vaidyanathan, Regional Vice President for Solutions Engineering of Claroty, spoke next on emerging cyber-physical systems and emerging threats.

To open, he shared how “55 billion new brute force attacks on RDP ports happened between May and August 2021.” Vijay asked to think about a facility with a lot of assets, a key piece of infrastructure or a hospital are all have systems that compute, control, network or analyse data for their operations -systems that operate in both the cyber and physical worlds.

“These systems’ security considerations transcend both the cyber and physical worlds known as cyber-physical systems,” he said.

Cyber-physical systems are vital to everyday lives as most businesses are undergoing digital transformation, and it is currently accelerating. However, some systems were not created with security measures –  as organisations become hyperconnected, these systems create susceptibilities.

Fragile systems quickly stand out in an interconnected setup and expose the entire chain to a host of threats. Online solutions mean that systems are on 24×7 with a wider landscape for bad actors to exploit, significantly increasing risk.

Vijay observes that the frequency of attacks is on the rise, particularly with ransomware, which has the potential of disrupting the entire supply chain by blocking one point. In an increasingly digital world, organisations can be attacked in diverse ways, at multiple points at any time.

Business continuity, increased production, operational agility and efficiency are what are driving organisations to adopt cyber-physical systems. Industries cannot achieve this without digital transformation, he acknowledges.

Similar comparisons and examples can be drawn from healthcare sectors that are undergoing digital transformation in their systems and data centres that rely on digital interconnectivity to serve their customers and provide service reliability.

Overall, the pandemic has driven an increase in remote access and more data transmissions from multiple locations over mission-critical networks.

While necessary, they do generate greater exposure to cyber threats. There is an increase in cyber-attacks where bad actors leverage remote nodes to compromise networks and operations. This is what is motivating organisations to safer innovation, secure transformations and reliable connectedness, as well as modifying unsafe postures and exposures.

In the final assessment, Vijay is convinced that organisations must embrace cloud technologies in addition to the rapid diversification of devices in the Industrial Internet of Things or Extended IoT. It enables them to safely expand and handle the massive amounts of data generated by their networks, allowing them to leverage it for a variety of purposes. Moreover, cloud intrinsically offers robust security requirements.

Manufacturing and Cyber Supply Chain Security

Leonard Ong, GE Healthcare’s Senior Director for Regional Cyber Security, elaborated on cyber resiliency in a digital and interconnected landscape.

Citing the 2022 IBM X-Force Intelligence Index, Leonard revealed that in 2021, manufacturing was the top industry experiencing the highest incident rates for cyber-attacks. Five years earlier, healthcare was the top industry favourite of cybercriminals. These trends show that as one industry strengthens its cyber security protection measures, perpetrators of cybercrimes merely find and shift to an industry it can lord over.

The scale of the impact, Leonard shared, can run up to US$ 300 million per incident as evidenced by the attacks on Merck and Maersk. The Maersk and TNT cases caused hundreds of millions of dollars in terms of lost business and clean-up costs.

Everything is interrelated and everything revolves around the cyber supply chain, including people, processes, technology and reputation. Services are being pushed through the cyber-supply chain, specifically the hardware and software.

In recent years, the approaches, tactics and procedures of cyberattacks have been studied, thus bad actors have changed their strategies on how they attack the company’s cyber-security. Some of the most widely used software programmes constitute security risks. Unfortunately, many, if not all, of these software companies have been compromised. Any business or product using the software could be targeted as well.

Manufacturing is experiencing the highest cyber incident rates. In 2021, cyberattacks in the sector increased to 23.2 % from the previous years and now, it is the most targeted industry.

Ransomware also affects many businesses and organisations. Although cyber insurance exists, it can only compensate the company for the costs they have incurred. Cyber insurance is not a solution for preventing cyber-attacks and is notoriously difficult to obtain.

With this, the manufacturing strategy for cyber resilience must also evolve and be preemptive rather than reactive or compensatory.

Manufacturing firms have spent most of the last decade unaware of the threat of the cyber-attack. Management is frequently unaware of potential risks, and most employees have little to no training in identifying and avoiding potential threats.

As cybercrime against the manufacturing industry reaches new heights and shows no signs of abating, these companies should be more cautious and learning about the top cyber threats for manufacturing companies is the first step toward developing a cybersecurity solution to protect their business.

Leonard emphasises that a dynamic approach allows an organisation to enjoy and benefit from the new technology while keeping its data safe. Admittedly, the process is easier said than done. Be that as it may, it takes a mind shift to start and be well on the way to a secure digital transformation.

Interactive Discussions

Delegates engaged in participatory conversations supported by polling questions following the enlightening presentations. This programme is intended to give live audience interaction, create participation, hear real-life experiences, and provide participants with professional learning and growth.

Delegates had the opportunity to learn from subject matter experts, discuss their experiences and take away methods that may be implemented in their organisations.

The first poll asked delegates if what transformation related to business and/or operations has impacted their organisation’s cybersecurity needs? ​ An overwhelming majority (50%) cited new age smart gen devices are increasing in operations and they are connecting to IT and/or internet; while other (35%) went to existing OT getting connected and converged with IT networks.

Leonard advised the delegates to not be afraid of new technologies because they bring higher levels of productivity, thus they must work together with cyber security and info systems.

On being asked where the delegates’ organisation’s mission-critical OT about their state cybersecurity: Most (42%) are optimising – they are integrating OT security with IT security tools and driving governance/resilience enterprise-wide. The second-highest vote (28%) related to visibility or identifying visibility of their assets and networks, identifying risks and security blind spots; and others (21%) said awareness that they recognise and commit to addressing OT cyber security.

Leonard acknowledges that different organisations have different risk tolerances and it is safer to have their data server in the data centre.

Many consumers say they’ve done the assessment, but they’re still unsure what they should correct and how they should repair it, according to Vijay. He went on to say that on the IT side, they have their systems optimised for security, while on the OT side, they have a small number of customers that are ready to begin integrating IT and OT.

The third question asked the delegates about their opinion on what cyber security defence strategy would bring them immediate and big benefits including reduction of exposed risk. A majority (57%) opted for vulnerability assessment while over a third (35%) indicated zero-trust secure remote access. For the others (7%), network segmentation and network policy management would offer immediate benefits.

One of the delegates opined that the assessment is the first step to bringing their organisation to a secure place. Zero-trust secure access is very hard, and they need to secure their systems with a hybrid work model.

On which aspect of cyber resilience strategy would be better suited to guide the OT cyber posture, a majority (42%) went with backups and restoration techniques. Over a quarter (28%) opted for segmentation; while the rest (21%) indicate table-top exercises, what-if analysis and mitigating action plans.

Vijay felt that all measures described in the poll question would strengthen any solution, especially the measures related to defence and resilience. However, because not all OT systems can have encryption, they will always have restrictions.

Looking at what delegates’ largest issue would be If they decided to roll out cybersecurity controls to OT, a majority (61%) say OT priorities such as safety and availability. About 15% chose OT mindset like complacency and state of denial and OT education like OT education on cybersecurity to bridge IT-OT on technology. The remaining (7%) indicated OT systems such as proprietary and specialised.

Leonard agrees that everything starts with a mindset while Vijay says a state of mind is sometimes a state of denial.

The final poll asked the delegates where they stand in terms of realising the benefits of cloud technology contributing toward digital transformation. Half (50%) believe they partially host apps and applications in the cloud while 40% opted for embracing cloud and a tenth (10%) are evaluating how they can embrace cloud (10%).

Conclusion

The Breakfast Insight concluded with remarks from Vijay who believes it is expedient to have several security measures in place. Irrespective, the best practice is to know the system challenges and limitations present in the organisation’s system.

“OT will always have limitations because not all OT systems can have encryption,” explains Vijay. “Thus, the best solution will be tailored to an organisation’s strengths, weaknesses, culture and protocol.”

Vijay, for his part, says that the starting point is always visibility as it is where organisations identify their vulnerabilities. After these weak points are known, companies can then add a layer of protection.

Organisations from different sectors can then extrapolate that visibility to important cybersecurity deliverables such as vulnerability management, risk profiling, Network Policy Management, threat detection, providing multiple sources of threat intelligence, and safeguarding remote access, among others.

Some organisations offer a platform that lays the groundwork for exposure. This includes visibility across the network’s assets, communication across processes throughout operating zones and visibility into remote connections into these mission-critical networks.

Leonard’s recommendations included evaluation and improvement of security architecture, a gradual and balanced implementation pace of zero-trust approaches, investment in the enhanced detection system and automation of security response.