Everyone knows about IT and its importance to the general functioning of a business, but the rapid advances in operational technology (OT) is becoming a game-changer for industrial organisations as cyber attacks and safety risks mount.
Unlike IT, OT secures and manages an organisation’s entire industrial operation and is therefore well geared towards companies like mines, power plants and manufacturers, making it especially important in Africa. Koos Fourie, technical director at industrial digital solutions provider Sedna, says while OT has received a lot of attention recently, adequate OT Governance processes and policies are still not in place to maximise its full capability to mitigate heightened risks.
According to Deloitte 90% of OT sector companies have reported at least one security compromise to their infrastructure in the previous two years resulting in the loss of confidential information or disruption to operations. “A rise in automated systems is giving the sophisticated and relentless cyber criminals more opportunities and avenues to attack organisations,” says Fourie.
Managing the successful convergence of information and operational technology is therefore central to achieving competitive advantage, he adds. OT devices mostly interact with other machines, such as industrial control systems, to ensure these assets are operating correctly and to do this they will automate, monitor, and manage the operations of that machinery.
“But this software, based on custom protocols must be able to communicate with the IT systems to ensure operational continuity and a digitally secure environment. These two worlds are moving closer together,” explains Fourie.
Internet of Things (IoT) devices, for instance, enable industrial processes to be remotely monitored and managed from a central location, allowing organizations to achieve greater efficiency and productivity. But specialised OT solutions are needed to avoid any disconnects with these physical networks.
“This is why enhanced firewalls and safeguards are needed that do not interfere with the usual running of the business, but manage the control of legacy systems through improved network segmentation,” says Fourie.
There is, however, no one-size-fits-all approach as a clear understanding of the risks and vulnerabilities of each system is needed, as well as which regulations apply. Companies must also ensure they have a clear understanding of which regulations are applicable, for instance which limits on spectrum and total radiated power apply where a private LTE system is being deployed at a mine, or whether equipment that transmit power signals underground is certified by ICASA and intrinsically safe for firery mines. “Lapses in standards means immense damage and losses, as well as reputational damage,” says Fourie.
Fourie says Sedna’s experience in rolling out industrial-specific solutions shows that while the right infrastructure may be in place across many industrial operations, better management, integration and enhanced safety protocols remain in high demand. Sedna installed Africa’s first licensed spectrum LTE private wireless network deployed Africa’s first underground “leaky feeder” and remains a pioneer in the field with operations on three continents, and so remains at the cutting edge of latest developments.
“These solutions are mission critical but cannot be segmented as an instrumentation function alone, for instance. The system must be engineered to look at both sides and have protocols to avoid broad risks like a cyber attack, or a safety emergency from creeping in and damaging bottom lines or costing lives,” says Fourie.
Effective management of personnel is another key part of the process of improving the way OT is integrated and managed in an organisation. This includes ensuring that staff are aware of the risks and their responsibilities. “Change is needed to ensure critical risk processes are understood as many personnel often do the right things, but are not managing things that could become risks,” he explains.
Solutions include establishing clear roles and responsibilities for personnel and ensuring that they are properly supervised and monitored. Additional controls like planned audits on OT governance to test recovery times and stress testing whether everything works as it should are equally critical.
“This can help to identify potential security breaches and allows for rapid response and remediation in the event that an incident occurs. However, it is too often overlooked,” he says. This comes as hackers are growing increasingly brazen and looking for weaknesses to exploit.
“We have been warding off quite a few hack attempts lately and these are increasing but also becoming more subtle – for instance these hackers will take their time and study systems, gathering information gradually and getting comfortable before striking. Businesses must not be caught asleep at the wheel but increase their guardrails through OT as a result,” concludes Fourie.
