Podcast: Manufacturers are abandoning analog and embracing digitalization to stay competitive and secure
Christina Hoefer is vice president of global industry enterprise at Forescout, a cybersecurity company. Forescout works to identify, protect, and help ensure the compliance of all managed and unmanaged cyber assets. Over the past 15 years, Christina has worked with critical infrastructure and manufacturing organizations to secure their digital transformation and especially their OT environments. Christina recently spoke with IndustryWeek editor in chief Robert Schoenberger about the convergence of IT and OT and how manufacturers can embrace digital transformation.
Below is an excerpt from the podcast:
RS: Digital transformation really gained momentum in 2023, and it looks like it will keep rolling in 2024, especially for small and midsize manufacturers. Can you give us your take on beginning to break away from these analog processes? Where should companies begin?
CH: Yeah, that's correct. So, it's no longer sufficient to just look at, you know, analog processes, siloed teams, and tools. The thing is digitalization brings a lot of competitive advantages and improves the process. The whole production gets more efficient because we can have analytics. But you know it also exposes vulnerable systems, and it connects those OT systems that were never designed to be connected, for that whole connectivity with corporate systems or internet facing to even work. So that leads to an increased attack surface that we need to monitor and secure, and the first steps that organizations can take is to, well, gather these insights, you know, into assets, how they connect, do they have connectivity?
Did vendors potentially bring in remote access solutions? We see this a lot of times, that there are actually a lot more connectivities. From OT systems out of the network, you know to remote sites, to contractors and this, of course, means that we have increased. And I don't mean let's do this with pen and paper. The best thing is to have some database or monitoring system where we can consolidate this information because we might have to go back to this information when there is a cyber risk to make sure we aren’t exposed to this threat. What do we need to do? I don't know if you know, but there was this incident somewhere in some hardware system where OT was to shut down preemptively because they just didn't know if it would be affected if there would be a way for the IT attack to spread through the network and affect OT.
RS: So, moving on, it's obviously important for data and cybersecurity if vulnerabilities in mixed digital and analog environments are addressed and automated. What are examples, the most egregious, of gaps in risk management? What are the ones that are what are the ones to NO LONGER do or to try to get away from?
Smart Industry covers the digital transformation of manufacturing and the IIoT for industrial professionals.
CH: Well, the first problem that we often see is that, you know, suddenly the CISO is responsible for managing OT security, and then the security teams bring in their IT tools without considering the context of the OT system. You know, patching may not be possible. It may not be compatible with the operating systems. So, we must take into account that OT systems may need different controls, different ways to secure.
The second part is working in silos, you know, like letting the OT folks figure out the security for their systems, letting IT do their part. And then you often have gaps in … those mixed environments, but also the OT guys, they're responsible to keep the production process running, the factories safe. We don't have a security background, so it's best if we work together. Everybody's leveraging their strengths. That way, we can succeed.
I've talked a lot to people over the past few years about the cultural differences. Yeah, the OT mandate for the past 50 to 75 years has been getting more product out of the door. Anything that slows down production is the worst thing that can happen. And you mix that with the IT mindset of we need to protect our systems as much as possible there. There's this disconnect between the two.
About the Podcast
Great Question: A Manufacturing Podcast offers news and information for the people who make, store and move things and those who manage and maintain the facilities where that work gets done. Manufacturers from chemical producers to automakers to machine shops can listen for critical insights into the technologies, economic conditions and best practices that can influence how to best run facilities to reach operational excellence.
Listen to another episode and subscribe on your favorite podcast app
About the Author
Robert Schoenberger
Robert Schoenberger has been writing about manufacturing technology in one form or another since the late 1990s. He began his career in newspapers in South Texas and has worked for The Clarion-Ledger in Jackson, Mississippi; The Courier-Journal in Louisville, Kentucky; and The Plain Dealer in Cleveland where he spent more than six years as the automotive reporter. In 2013, he launched Today's Motor Vehicles, a magazine focusing on design and manufacturing topics within the automotive and commercial truck worlds. He joined IndustryWeek in late 2021.