How to combat security risks emerging with the new industrial revolution

24 April 2017 by Jostein Jensen
At the core of industrial digitalization we find good utilization of data. And good utilization of data is paving the way for the next industrial revolution.

We can collect sensor data from industrial IoT (internet of things) environments, combine the big data sets from sensors with external information sources, and run this through artificial intelligence modules to get new and improved operational insights, leading to better decisions. All of this is enabled by cloud technologies and virtually endless resources for data storage and processing.

Follow us on Linkedin

I truly believe that that we need to grab the opportunities offered by new technology and increased digitalization. As a cybersecurity expert, however, my job is to identify negative risk and be the skeptic pointing to slightly negative aspects of the increased digitalization. This includes the consequences if someone breaks the patterns of our industrial use cases and the impact of malicious attacks on our digital infrastructure and data.

I need to ask questions such as:

  • What happens if our, and our customers’, most secret industrial data is disclosed? Can the competitive situation turn, and how could it harm ours and their reputation?
  • What happens if our sensor data is manipulated by an unauthorized third party? Can we trust the data driving our decisions? What happens when we can no longer trust our information?
  • How will our process control systems and automated processes react to malicious attacks?

Read also CTO Chrisitan Møller's blog: How do we create a truly intelligent systems?

Operational technology meets information technology

We seek to combine the best of two traditionally separate domains in the new industrial revolution. Operational technology (OT) and information technology (IT).

Since OT environments interact with the physical world, and errors can cause environmental hazards or loss of lives, they are highly regulated and traditionally physically separated from other networked environments, such as the internet. They are accessible by few. Safety is a key concern.

Read CEO, Hege Skryseth, blog about Kognifai - our open ecosystem 

IT environments, on the other hand, are designed to be highly interconnected and accessible by many. Well implemented IT systems and services have proven to be of strategic value to most businesses, and the world’s most innovative and valued companies are IT and digital data-driven companies. Even though privacy and security are key concerns in IT systems, history has shown that most businesses are only a few steps away from a security breach.

I figure you get the picture: If we do not handle the industrial digitalization process in the right way, cybersecurity breaches may impact the physical world. And we know that adversaries can cause physical damage on the other side of the world. Nowadays, we see news about cybersecurity breaches every week.

How to achieve a safe and secure system

I am confident that the industrial revolution is for our best. As a cybersecurity professional I also know that we can build industrial systems that are both safe and secure if we go about this in the right way. The solution is dedication and hard work in several dimensions:

  • We need to work with human factors. All actors in the value chain need to know their responsibility, and how they can contribute. We need to empower all employees with the right knowledge.
  • We need to work with the technology dimension to ensure that the design principles and design assumptions between the IT and OT domains are aligned, and that security is built in based on a holistic architecture – taking the threats towards both worlds into consideration.
  • We need to work in the organizational domain to define the roles and responsibilities both within an organization and within collaborations, work actively with risk management, and ensure that cybersecurity receives the strategic management attention it deserves.

Positive impact versus security risks

The industrial domain is complex. The stakeholders are many, and cybersecurity is a shared responsibility throughout the entire value chain. The weakest link will break first.
When we do cybersecurity right, the positive impact of connecting systems and utilizing the extremely valuable data assets outweighs the associated downsides and security risks.


About the writer
Jostein Jensen
Jostein has a Ph.D. in information security from the Norwegian University of Science and Technology (NTNU) and comes to Kongsberg Digital from the Norwegian State Educational Loan Fund, where he has led the security work and targeted his efforts on improving the cyber resilience of the organization. His previous positions as an officer in the Norwegian Armed Forces and an ICT and security research scientist with SINTEF has contributed to his extensive knowledge of information security.