| |July 20208CYBER SECURITY FOR INDUSTRY 4.0 or the past decade we are seeing the tremendous growth of industry 4.0 where physical and virtual systems are converging to provide smarter business outcomes. Some examples include smart cities, smart grids, analytics for predictive maintenance, AI and ML based solutions for improving the industrial systems and critical infrastructure like energy, water, transportation, healthcare etc. Cyber security professionals are redesigning their programs to include safety and reliability aspects to address the risks of industry 4.0. Traditionally, information security efforts were focused on confidentiality, integrity and availability aspect of the data.During the recent nuclear data security event that occurred in India, there were several conversations around the physical and network separation between the operations technology systems and IT systems. The architecture is converging in several critical infrastructure industries like energy, transportation, water, health care etc. Leading industrial organizations want to harness the power of cloud-based technology platforms to bring efficiency and cost savings by analyzing the sensor data from machineries.Like any other business critical initiatives, a successful cyber security program requires management level commitment and investment. Board level discussions are required to align the business strategy with cyber security strategy. Organizations that are in industrial transformation need to evaluate the safety, reliability and reputation risks. Adoption of industry 4.0 is geared towards modern computing and analytics capabilities. Management needs to understand the end to end impact of integrating the data from industrial assets with modern IT capabilities. · A strategy must be in place for industrial assets that are operated in an isolated and physically secured environment to connect safely and securely to the modern compute facilities that are connected via open internet. · Adversaries will exploit any weaknesses in the connectivity to bring down a utility grid or a manufacturing facility and cause damage to human life and the environment at large.· Organization structure of factory operations that are handling industrial technology assets and enterprise operations managing information technology assets needs to be reviewed for alignment with industry 4.0. · There needs to be stronger partnership with the national government and the industries to make sure the critical infrastructure is protected from threats posed by foreign powers. At the tactical level, getting ready for industry 4.0 and digital transformation starts with a preparation of a methodical blue print that includes cyber security considerations around safety, reliability, availability, integrity and confidentiality. Goal is to take care of the human safety by training people and creating process and policies that enable technological outcomes.Though there are several IT security frameworks and standards such as ISO 27001, SOC 2, COBIT, ITIL etc., organizations must leverage ICS standards and guidelines listed below:- NIST SP 800.82.r2 ­ Guide to Industrial Control Systems SecurityBy Navarasu Dhanasekar, CEO, Ampcus Cyber Inc. F IN MY OPINIONNavarasu Dhanasekar is a visionary leader in the cyber security, IT Security, IOT/ICS/SCADA Security, compliance, process improvement and assurance services industry. He is currently the CEO of Ampcus Cyber Inc., a pure play cyber security services and solutions startup based out of Chantilly, Virginia, USA with offices in Silicon Valley and other global locations. Navarasu Dhanasekar, CEO
< Page 7 | Page 9 >