“Cyber security for OT is very different from IT cyber security and requires a different approach,” says Marcel Jutte, managing director at Hudson Cybertec. “IT is mostly about the automation of office environments, whereas OT is primarily about processes. The Botlek has a large OT domain in the field of chemicals and refineries. If something were to go wrong in an OT environment, Jutte explains, you have completely different consequences compared to an IT environment. “A factory control error in the chemical sector can have consequences leading to explosions and even death.”
Planning and preparing changes in OT often require specialized knowledge. Even if you are going to test something, preparation is key.” Another characteristic of OT is “legacy” equipment, as Koning calls it. In other words: old operating systems that have not been replaced or updated because this requires production process to be shut down. “A system that has been in operation for twenty years is no exception. Old equipment increases the chance of vulnerabilities.”
Koning advises companies to include cybersecurity in the requirements to suppliers and system integrators. “Of course, each company is responsible, but it is important to include the entire supply chain.” In conclusion, Koning warns not to take the cyber threat too lightly.
“If you don’t know your network, you can’t take measures,” says Sebastiaan Koning of Hudson Cybertec. We can map which assets are in the customers systems and how they communicate with each other. Suspicious activity from the captured data streams is part of the generated reports. “Allowing you stay in control and take appropriate steps.”
Source: Europoort Kringen – August 2020