The following presentation was delivered at the 2023 GCCA Cold Chain Conference in Cape Town , by cybersecurity expert and 30-year veteran Charl van Niekerk , CEO of 2TS , on the topic ‘ Industrial Systems , the New Frontier for Cyber Attacks ’.
ASSOCIATIONS
Navigating the rising threat of cyber attacks on industrial systems Edited by Eamonn Ryan
The following presentation was delivered at the 2023 GCCA Cold Chain Conference in Cape Town , by cybersecurity expert and 30-year veteran Charl van Niekerk , CEO of 2TS , on the topic ‘ Industrial Systems , the New Frontier for Cyber Attacks ’.
There is a parallel between cyber threats and cancer – the silent and often undetectable nature of both . In this scenario , there is an important role for preventative measures , including regular screenings and vigilance to detect it as early as possible . In the same manner , preventative cybersecurity practices including specialised analysis are vital in preserving the health of industrial systems involved in the cold chain .
HVAC & R businesses ought to pose the following critical question of their organisation : does their business have a dedicated cybersecurity budget , solution and personnel ?
While there is a myriad of components to any business , facilities are the lifeblood especially when it comes to refrigeration and maintaining cold rooms , but also billing systems , emails and comms lines – and many cybersecurity strategies do not adequately protect this crucial aspect of operations . There is a need for a strategic shift in focus from convenience to critical infrastructure when allocating resources for cybersecurity .
There may be potential skepticism about allocating resources to Operational Technology ( OT ) which poses distinct challenges with fundamental design differences between Information Technology ( IT ) and OT , emphasising the need for a tailored approach to secure industrial systems .
CONFIDENTIALITY VS CONVENIENCE : A BALANCING ACT
One must stress the confidentiality-driven nature of OT security given the reluctance to implement changes that might disrupt critical processes . In sharp contrast with the ever-changing landscape of IT , there is a compelling case for the necessity of a more stable and resilient security framework for industrial systems .
There are distinct protocols governing IT and OT communications . While IT environments are changing constantly , operating on a handful of universally adopted protocols , this creates a complexity which acts as a shield , making it challenging for attackers to penetrate and exploit vulnerabilities .
OT environments are the exact opposite : they are characterised by a multitude of unique , industry-specific protocols that are based on ‘ set and forget ’ – like cooling temperatures . With cold storage , change to temperatures means disruption and loss of income . One can ’ t put something in and just forget about it . Every new device or sensor comes with its own protocol as they were not connected to the outside world , and there can be thousands of them – which is why it is difficult to effect change and it is simply left alone for 10 or 12 years .
Images by © Cold Link Africa
Charl van Niekerk , CEO of 2TS .
So why is this relatively simple scenario becoming the new frontier for hackers ?
Companies ’ aging technology within industrial systems is a significant vulnerability . As the fourth industrial revolution unfolds and the pandemic accelerated digital transformation , the once-isolated networks of industrial systems become more interconnected . The convergence of old technologies with new threats posed a daunting challenge , making industrial systems a new frontier for cyber attackers . Businesses need to recognise the evolving threat landscape and prioritise robust cybersecurity measures for their industrial systems . As these systems become more interconnected , the need for a proactive and specialised approach to cybersecurity becomes paramount .
Lizelle van der Berg , past director of GCCA Africa , introducing the speaker .
The lessons learned from the healthcare / cancer analogy underscored the importance of early detection and prevention in safeguarding the health and vitality of industrial infrastructures .
Seismic shifts have occurred in recent years , transforming the cybersecurity landscape for industrial systems . Remote work , once deemed inconsequential in these environments , has become a reality . The convergence of IT and OT has further complicated the cybersecurity dynamics , creating new vulnerabilities .
What has had a profound impact is remote access on industrial systems . The traditional belief that these systems were secure due to their isolation from external networks has been shattered . Remote work has provided a gateway for cyber threats , altering the
6 www . coldlinkafrica . co . za COLD LINK AFRICA • July / August 2024