TechHub: The U.S. Cyber Crisis, Industrial Cyber Security & More News

Q&A: Mitigating Cyber Risk in Manufacturing Digital Transformation


The 2018 Industry 4.0 ThinkTank kicked off the year for industrial transformation in Chicago, bringing together manufacturers and provocative thinkers, industry leaders and experts.

Couldn’t make it to Chicago? No problem.

GrayMatter’s Cyber Practice Lead Scott Christensen brought back his insights to share an exclusive, all-access look at mitigating OT cyber risk in this Q&A after serving as a panel member.

Q: What was the best success story you have?

The best one I have is a conversation with a manufacturer who said they’re going to re-architect their systems and how they’re going to go about cyber OT.

Typically, when it comes to OT cyber strategy, it’s a battle of kingdoms between IT teams and production teams. No one is sure who owns cyber in the production world, creating a lack of convergence on what the best methodology is for going forward in cyber security.

Want to learn more? Take a look at the GrayMatter Cyber Security Guide for Operational Technology.

The manufacturer’s new way of going forward would involve a team made of both cyber IT security experts and production members, such as plant managers, operational engineers or the COO.

This brings the barriers down of who has ownership of cyber production within the network, creating a team that can work together to mitigate risks.

Take advantage of Scott’s insights — check out the rest of the Q&A.

Cyber Security Named Biggest U.S. Threat at Senate Intelligence Committee

The top intelligence agencies in the U.S. have pushed aside terrorism as the top national security threat. The thing to take its place? Cyber security.

The leaders of those agencies testified before the Senate Intelligent Committee this week during its annual “Worldwide Threats” hearing, according to CNet.

Director of National Intelligence Dan Coats said that cyber security is his “greatest concern” and “top priority,” in his opening statement. This puts it ahead of threats like terrorism and weapons of mass destruction.

This declaration comes after a long year of industrial cyber attacks like WannaCry ransomware, where critical infrastructures and industrial companies were put at risk around the world.

Sen. Richard Burr, the committee’s chairman, directed questions regarding cyber security and protecting critical US infrastructure, from computers to energy supply, at NSA Director Michael Rogers.

cyber security

Sens. Richard Burr (center) and Mark Warner (left) are worried about cybersecurity. Source: Alex Wong / Getty Images

“Cyber is clearly the most challenging threat vector this country faces,” Burr said. “It’s also one of the most concerning, given how many aspects of our daily lives can be disrupted by a well-planned, well-executed cyber attack.

Not sure if your operational technology is locked down? Get some advice from our cyber expert.

Rogers responded by discussing issues surrounding IoT devices, and the need for secure settings, to prevent major cyber attacks.

“If you think the problem is challenging now, just wait. It’s going to get much, much worse,” Rogers said.

The Center of Industry 4.0

One in five power plants will become digital plants by 2025 — a short seven years from now. The industrial sector is all aboard when it comes to industry 4.0, according to Susan Peterson, Digital Lead for APP Power Generation & Water, in IIoT World.

“Connected devices will enable new service models. Despite extensive automation, utilities will continue to rely on human collaboration and expertise,” said Peterson.

For those in power and water industries, two sectors rapidly adapting to digital transformation, focusing on the user experience and how digital will change how the operator works is an important aspect.

Helping operators grow and accelerate real gains from Industrial IoT is the key to new business models, creating a new way of working.

Yet, despite the enthusiasm for digitization in utilities, only 8% of utility operations are digitally mature.

This means there are still abundant opportunities within the sector, who’s worth is proven by small, tangible wins where value can be scaled.

Learn more about becoming a digital utility and creating intelligent systems.

Rather than being a deterrent, Peterson sees automation as an enabler. Power generation, for example, is one of the most automated industries today. We are at the beginning of a massive transformation in the power generation industry over the next few years.

It’d predicted that by 2019 — one year from now — 25% of the top 100 utilities will cut their IT costs by at least 30% by migrating IT infrastructure into the public cloud.

By 2020, 25% of utilities will incorporate performance management investments with sensor data to improve asset efficiency and reduce maintenance costs.

Embracing data and analytics as the driving force of digital transformation is the key to making businesses thrive. Interested in hearing more?

Check out our eBook for a better in-depth view on deciphering digital priorities and taking the first steps.

 

Q&A: Mitigating Cyber Risk in Digital Transformation

The Industry 4.0 ThinkTank brought together the U.S. manufacturing sector with provocative thinkers, industry leaders and experts to help simplify and humanize the Industry 4.0 digitization process. Couldn’t make it to Chicago? No problem.

GrayMatter’s Cyber Practice Lead Scott Christensen brought back his insights to share an exclusive, all-access look at mitigating OT cyber risk in this Q&A after serving as a panel member.

“It’s a battle of kingdoms between IT teams and production teams.”

Q: What was the best success story you have?

The best one I have is a conversation with a manufacturer who said they’re going to re-architect their systems and how they’re going to go about cyber OT.

Typically, when it comes to OT cyber strategy, it’s a battle of kingdoms between IT teams and production teams. No one is sure who owns cyber in the production world, creating a lack of convergence on what the best methodology is for going forward in cyber security.

Want to learn more? Take a look at the GrayMatter Cyber Security Guide for Operational Technology.

The manufacturer’s new way of going forward would involve a team made of both cyber IT security experts and production members, such as plant managers, operational engineers or the COO.

This brings the barriers down of who has ownership of cyber production within the network, creating a team that can work together to mitigate risks.

“They get in a state of paralysis, and it can be detrimental when decisions are at a standstill.”

Q: What insights did you get from manufacturing customers on their biggest cyber struggles?

The biggest struggle I recognized was people trying to overcome their fear of the unknown. Being afraid of doing nothing will cause problems, but people are also afraid that doing something will cause greater problems. They get in a state of paralysis, and it can be detrimental when decisions are at a standstill.

The best advice I can give to a manufacturing VP is to find the quick and easy wins to justify a cyber security program. Don’t try to accomplish everything at once, because that’s when the state of paralysis happens. Look for areas to show success for deploying areas in the production world.

“Understand what you’re trying to achieve, and move forward from there.”

Q: Have most manufacturing companies started a cyber plan?

That’s the interesting part – it’s a pretty even split. Those that establish through OT cyber, a lot don’t have modification based on digitization of manufacturing floor so they’re being thrown out.

The other half haven’t even touched OT from a cyber standpoint and don’t know how to begin mitigating risks.

I get a lot of questions like ‘how do I begin?’ ‘where do I even start?’ and ‘how do I look?’

Most people don’t understand what their assets look like, what their risks are or the facts behind them. For me, the answer is pretty simple — understand what you’re trying to achieve, and move forward from there.

Learn more about the digital transformation journey — check out our eBook.

cyber security

Scott Christensen, Cyber Practice Lead at GrayMatter.

About Scott Christensen

Based out of Houston, Scott is helping spearhead the GrayMatter cyber practice as an industry thought leader on operational technology cyber security. He specializes in helping companies struggling with risk on the journey to digital transformation and mapping out OT cyber strategies.

Follow Scott on LinkedIn

TechHub: The Year of Cyber Disasters, Manufacturing Technology Orders Back on Track & More

Ending 2017 Strong: Manufacturing Technology Orders Back on Track

Manufacturing technology orders in September continued their upward trend, ending the third quarter on a strong note, according to Industry Week.

The rise in orders in September surprised some analysts, who had expected orders to remain weak until December.

“Manufacturers are concerned about Washington’s impact on economic growth and pace of technological change, as well as the general evolution in technology. It is necessary for companies to invest in current technologies to stay competitive, but they’re doing so at a moderate pace,” said Doug Woods, President of the Association for Manufacturing Technology.

Regionally, the North Central West, Southeast and Northeast regions as reported by USMTO benefited from strong activity in contract machining shops, forging and stamping, automotive, and consumer electronics. Notably, orders from the consumer electronics and computers sector were up 132% nationally.

The key leading indicators for manufacturing technology are positive, leading analysts to believe there will be an acceleration in orders at the close of 2017.

The Year of Cyber Security Disasters

2017 was the year of industrial cyber attacks.

Ransomware crippled hospitals in the U.K., hit U.S. pharmaceutical company Merck, infiltrated Russian oil giant Rosnoft, shut down Ukrainian power grids and more.

Special Agent Keith Mularski, Unit Chief of the FBI Cyber Initiative & Resource Fusion Unit, spoke at GrayMatter’s annual conference on industrial cyber security.

Operational technology is at a risk in the digital age now more than ever before.

According to Gartner, “the number one issue in vulnerability management is that organizations are not prioritizing their patching and mitigating controls, nor are they mitigating the exploitation of commonly targeted vulnerabilities.”

Companies are struggling to find the common ground between “what can I fix” and “what will make the biggest difference in the time and resources I have.”

The answer: a risk-based approach.

CyberX’s ICS Attack Vector Prediction technology combines a deep understanding of industrial protocols, devices and applications with:

  • ICS-specific asset discovery
  • Continuous real-time monitoring and incident forensics
  • Risk and vulnerability management
  • Threat intelligence

“It helps business leaders and OT personnel quickly understand the top threats to their most critical industrial assets, and how to most efficiently reduce their top risks.”

This unique approach reduces complexity by addressing all four requirements of Gartner’s Adaptive Security architecture — Prediction, Prevention, Detection and Response — in a single, holistic platform.

“Our customers are often concerned about what they don’t know. CyberX’s Attack Vector Prediction technology allows them to predict and visualize scenarios for real-time planning of operational cyber strategy,” said Jim Gillespie, CEO of GrayMatter.

Learn more about implementing a predictive cyber approach

About CyberX

CyberX provides the most widely-deployed industrial cybersecurity platform for continuously reducing ICS risk. Supporting all OT vendors and seamlessly integrating with existing IT security tools, CyberX’s platform combines a deep understanding of industrial protocols, devices, and applications with ICS-specific asset discovery, continuous real-time monitoring and incident forensics, risk and vulnerability management, and threat intelligence.

GrayMatter VP on OT Cyber Security at 2017 ARC Industry Forum

GrayMatter VP Kemell Kassim speaks to Sid Snitkin, VP of Enterprise Advisory Services of ARC Advisory Group, during the 2017 ARC Industry Forum in Orlando, FL.


Q&A: GrayMatter CEO Jim Gillespie on the Industrial IoT Opportunity

GrayMatter CEO Jim Gillespie sits down with CRN for a Q&A during GE’s Minds + Machines 2017 conference in San Francisco, detailing rapidly evolving interest in the Internet of Things over the past year and expected trends for 2018 among industrial customers.

Originally published in CRN

Q: Can you talk about GrayMatter, who you guys are?

GrayMatter’s goal is to transform operations and empower people. We work with some of the biggest companies in the world to transform their operations and help every operator be empowered to act like the best one.

We help them connect their critical assets and work smarter to make better decisions. We see them and think about helping them play Moneyball with their digital assets. A lot of our focus is on manufacturing, digital utilities, connected field services and with the industrial IoT.

Q: Talk about industrial IoT, what kind of services are you guys offering around that area?

The industrial IoT is a really big opportunity. We help people with assessments, we help people sort through what the strategies and opportunities can be and we look into putting a plan together, a strategy, quick proofs of concept and really start to generate information to make those assets better.

We help people identify assets that are breaking before they’re broke, alerting the field service team to get the right person with the right skill set with the right parts out to those assets at the right time.

Q: Looking forward to 2018, what kind of trends should we look out for around the industrial IoT space?

We’re really excited about it. At the main stage of Minds and Machines here today, they talked about how 85-percent of the clients know they need digital transformation, and only about 13-percent of the people are acting.

So there’s a huge opportunity to close the gap between aspirations and action. We get together with the clients, do a lot of co-innovation to solve through these issues and layout a road map, really helping them get to their aspirations around digital.

Another trend is this whole new world of connecting the products out there and closing the loop with the field service transformation. You could transform the service first and then connect the products, or vice versa – that wasn’t really possible five years ago, so the art of the possible is a trend.

Q: What kind of language do industrial customers use when they talk about IoT? Do they actually say ‘the Internet of Things?’

I think that lingo is interesting because we’ve done edge connectivity for 25 years but that term has only recently come into the OT space.

That was a networking term that is now used for OT connectivity.

We do see clients using industrial IoT and IoT lingo – some people in manufacturing think of the term ‘Industry 4.0’ as sort of a way to think about it.

In the utility space, people are thinking of digital utilities.

“We help them connect their critical assets and work smarter to make better decisions. We see them and think about helping them play Moneyball with their digital assets.”


Q: What’s causing the digital gap? What challenges are industrial customers facing?

I think the gap is made up of a lot of subparts – a skill gap, knowledge gap, people, culture, execution – it’s sort of a perfect storm of all those things.

We have a lot of manufacturing clients, so there’s a lot of legacy challenges that came before them – what’s legacy-installed, and getting it up into that digital world and integrating the supply chain. So an overall view of the supply chain is a big deal. And our second biggest client is digital utilities – we think a lot of wastewater and power are working through that as well.

Q: How are you first bringing up the discussion around IoT projects with industrial customers?

I think there’s two ways – when we work with someone like DC Water, we’re really a co-innovation partner with them, so if you asked them they’d say they come to us when they’re looking to solve a problem they couldn’t solve before, and they come to us to find out the art of the possible.

The other way is we think about what are the outcomes the customers are looking for, and what’s the best way to achieve those outcomes.

Q: What’s one use case where you’ve successfully deployed an IoT solution?

We did a connected smart water fountain [with DC Water in Washington, D.C.] – people think of that as an IoT application. That’s a good example because it combines a whole bunch of innovation. It’s IoT and the value of the network, so when you have multiple drops on the network you can now get like a Google map picture of the water quality instead of the traffic with blue, yellow and red signifying how the water quality is in different points of consumption.

At the same time, we’ve made the devices intelligent so they check their own quality, and they try to clean themselves and let someone know if they need help being cleaned. It’s kind of a confluence of all these things that weren’t possible coming together.

Q: What’s another use case where you’re working with GE to help a customer transform operations?

We’re working with GE Current – it’s energy savings combined with IoT, so the lights are intelligent.

The byproduct is the lights can tell you if your real estate is being used as efficiently as it could be, so it’s almost the practices we have in manufacturing of efficiency, but applied to conference rooms or gathering spaces at a university, or bank branches wondering about the pattern usages of customers – so we get new applications from IoT.

Energy savings pays for it but then you have the cool additional efficiencies

“85-percent of the clients know they need digital transformation, and only about 13-percent of the people are acting.”


Q: What kind of demand are you seeing around edge computing and analytics in the industrial market?

Edge is almost a continuum of possibilities, from server with tons of edge computing power and storage, down to a really simple not expensive lower intelligence to just bridge the data up to the cloud, so it depends on how much latency you can handle in an application, how much local intelligence needs to go on. For a manufacturing plant, it’s very important to close the loop locally, for other applications like lighting going up to the cloud, you don’t need as much at the edge.

It’s a conversation around the outcomes, so you really have to understand the right questions to ask and the right way to design a solution. We would weigh in with the client and design something that meets the outcomes they’re looking for. Almost everything has edge computing, and then it depends where the analytics need to happen, and there’s some sort of connectivity or either local buffering or on ramp to the cloud.

Q: What kind of security services do industrial customers want for their industrial control system and assets?

The two main areas of interest that clients are driving for us are an easier, better way to segment the networks, and protect the things that can’t be upgraded, so there’s a whole area around how do we harden, temper and better segment the industrial control systems.

And then number two is almost an ADT monitoring approach, how can I have something watch over those assets and keep a software watch on what’s going on, so segmentation and monitoring are two places where we’re seeing more interest than anywhere else. A third thing is customers might not know what they have or how vulnerable they are and want it assessed. We still find that here in 2017, it’s not surprising to us to find that.

Q: What kind of priority level are customers giving cyber security and IoT in their budgets?

There’s operational parameters, like downtime, there’s formulation theft possible, and it could be expensive to repair assets if they’re damaged by a bad actor.

I would say we’re starting to see a trend, more people are prioritizing it as strategy level now, and how do we go from where we are to where we’d like to be. We’re seeing more conversations at a strategic level, and that’s a high-level conversation we’re having much more frequently in 2017 than we did last year, and we’re super pleased with it.

Contact GrayMatter

Get in touch with us!

Translate »