The Role of Cyber Security in Operational Technology

Adopting a holistic security strategy ensures a good degree of protection of IT and OT assets. Here are the solutions and best practices to make the most of SOC capabilities and skills

“SEO is a marketing function for sure, but it needs to be baked into a product, not slapped on like icing after the cake is baked.”

Duane Forrester

The phenomenon of digitalization is also drastically impacting the world of  Manufacturing , traditionally closed and less receptive to innovation. The fourth industrial revolution, in fact, has brought intelligence to the machine , opening the way to numerous opportunities: from supply chain optimization to predictive maintenance up to servitization enabled by the Internet Of Things. 

However, the meeting between the typically separate worlds of Information Technology (IT)  and Operational Technology (OT)  that characterizes Industry 4.0 presents the downside: the threats that afflict the sphere of information technology inevitably fall back. on industrial systems, exponentially increasing the risks for the company. 

To ride the wave of Smart Manufacturing, adequately protecting the business, it is possible to adopt a strategy based on a  proprietary framework  for the assessment and solution of vulnerabilities, as well as on the 24 × 7 support of a  SOC (Security Operations Center)  such as the one offered by  Wiit , an Italian provider specializing in hybrid cloud services and IT security. 

Customized Security Solutions

The company’s proposition starts from a very specific assumption: any cyber security plan must be built ad hoc, around the specific needs of the company. 

«Any organization – explains  Davide Capozzi , Director of Corporate Innovation Services at Wiit – has different protection needs, which vary according to the technological system, the information handled, the degree of exposure to threats and so on. This is why, even in the field of security, our mantra is to build customized solutions, based on the company’s peculiarities ». 

Wiit, therefore, has developed a proprietary framework to measure the level of security related to customers’ IT infrastructures. «In reality – explains Capozzi – we have developed this model in response to an internal need , to evaluate and optimize the protection of our datacenters. It goes without saying that for Wiit, security is a critical factor, on which the brand reputation and trust of companies depend. We then learned the methodologies and  best practices  from major IT consulting firms such as  Gartner  to build a  very practical framework, without many theoretical bundles, able to solve our needs. In fact, we needed a simple and quick method to intercept the areas where we would invest more in order to improve our degree of cybersecurity ». 

Wiit has been using this model for three years now to guide its strategic roadmap and, having seen the benefits, has decided to extend it to end customers as well. 

Thanks to the information acquired by interviewing the insiders (IT manager or technical staff for more specific coring), the framework allows the company to be assigned  scores  relating to the degree of security, probing the technological, functional and compliance aspects. «From here – continues Capozzi – we derive the improvements that can be introduced through the adoption or modification of services, products and procedures. Then we estimate the results achieved thanks to the interventions carried out ». 

SOC for all-round security

The needs of new smart factories place SOC at the heart of any security strategy and, in this sense, Wiit can offer a concrete answer. 

«Our team of experts – underlines Capozzi – is able to  manage the protection of IT and OT environments equally , with skills and tools to intervene on both fronts. Thanks to a  service provided in 24 × 7 mode , the SOC carries out constant monitoring and analysis of threats, also covering remediation operations with dedicated personnel ». 

Capozzi further insists on the need for continuous supervision («cyber crime never stops and does not go on vacation, on the contrary it uses the holidays to hit companies when they let their guard down») and on the importance of having  transversal skills . 

«Many attacks that arrive at industrial technologies – he declares – start from information technology. For example, an e-mail phishing attempt also affects industrial technologies. By having a SOC that knows both sides, Wiit is able to provide  360 degree monitoring and remediation services . We can detect if an OT level incident has a root cause in the IT world, so we can intervene directly to eliminate the problem at the origin ». 

In short, in an increasingly complex manufacturing sector, the guarantee of a partner with end-to-end security services becomes a fundamental strategic factor to ride the wave of Industry 4.0.