Decoding ‘Digital Industrial’ with HPE at GITEX 2017: The Cyber Security Imperative
By Chris Sandford, Senior Director Middle East and Africa at GE Digital
When I’m asked to sum up what’s at stake when talking about cyber security in the industrial space, I put it this way: To be connected, you need to be protected.
Today, the reality is that – whether it’s competition in manufacturing, low prices in many commodity sectors, or pressure on power plant operators – organizations must adopt digital industrial solutions to remain competitive. This means connecting equipment, plants, sensors, data, and other assets to the internet and to the cloud.
But as we all understand from the world of IT, an internet-connected device can be a vulnerable device when it comes to cyber criminals and other threat actors. Even air-gapped systems can be compromised through devices such as USB flash drives.
Meanwhile, organizations – including many in the Middle East and Africa – are beginning to adopt digital industrial solutions, but sometimes without the necessary industrial-strength cyber security.
The problem is compounded because these digital industrial technologies often involve connecting an industrial facility not simply to the internet, but also to the IT and operational technology (OT) systems that belong to suppliers, customers and other partners.
The risk is that a cyber attack or network compromise can come via any of these connections, whether or not they are under the control or supervision of the organization operating the industrial asset at risk.
Cyber security is strategic
Because GE has made a fundamental commitment to digital industrial solutions across our manufacturing operations and many of our other businesses, cybersecurity is a strategic imperative.
For us and for our GE Digital customers adopting digital industrial solutions built on Predix, GE’s cloud-based platform for the Industrial Internet of Things, data and industrial commands must be able to flow securely across both private and public networks and cloud infrastructure.
Predix is itself built for security, with edge-to-cloud data protection, security standards support, full tenant segregation and access controls, and a 24×7 Predix Security Operations Center that monitors the data traffic moving across the Predix platform. Predix is the first software platform specifically designed with the security, big data bandwidth, and reliability required for industrial systems.
One challenge for OT systems, industrial control systems (ICSs) and other industrial networks is that traditionally, they have been built to be open, with access unrestricted and the design priority focused on ensuring availability to operators. With digital industrial now connecting these systems to the internet – whether or not they are air gapped – unsegregated networks represent a major risk.
A weakness, far from the target asset
As noted above, industrial systems are increasingly integrated into much larger networks that not only link physically disparate assets of one organization, but also multiple interlinked organizations and assets.
Smart power networks are one example, where generation assets, distribution lines, and end-user equipment are all sending data across various networks. A weakness not just at the power plant, but as far away as a consumer’s smart home device, could theoretically create a cyber vulnerability leading back to the power plant.
Today, there must be a revolutionary mind shift regarding cybersecurity in the industrial space, particularly in this region, where disruption or damage to oil and gas installations, power and water desalination plants, telecommunications assets, and government entities has an outsized impact on local populations, the environment and the economy.
The most advanced physical security solutions have been implemented on these assets. This same sense of urgency is now required in the digital realm.
In addition to the structural security built into Predix, GE also helps digital industrial customers address industrial cyber security through OpShield, its cyber security protection appliance.
Visibility down to the command level
We have several examples of how customers have used OpShield technology to find inappropriate activity on the network. In one case, a third-party device using Windows 2005 had been compromised, causing other equipment to shut down. Once this device was identified by OpShield and disconnected from the system, the equipment resumed operations.
Another example occurred at an offshore oil production facility. When we deployed OpShield, it showed that two programmable logic controllers (PLCs) connected directly to the internet were communicating with another device located outside the company’s network. There was no immediate threat coming from that outside device, but a malicious actor could have used that device to enter unnoticed into the OT network operating the offshore facility.
It’s essential and urgent that we get industrial cyber security right. Unless we can protect the availability, the authenticity, the privacy and the integrity of data and identities across networks, we won’t be able to really unlock the astounding opportunities that digital industrial solutions offer.
This week at GITEX, one of the premier digital events in the region, GE is showcasing cybersecurity solutions in partnership with HPE. Visit us on the HPE booth Sunday-Thursday to speak with our international industrial cybersecurity experts.