News

Mix of legacy OT and connected technologies creates security gaps

Rising threats to vehicles and industrial operational technology (OT) have led a growing number of enterprises worldwide to invest in advanced technologies and services to better secure their assets, according to an ISG research report.

The report finds that cybersecurity has become a high priority for companies in manufacturing, automotive, life sciences, and other industries amid recent cyberattacks against manufacturing facilities and connected vehicles. The urgent need to modernize or replace legacy systems, along with a shortage of skilled cybersecurity engineers, is fueling the growth of solution and outsourcing providers.

“Connected systems are vulnerable to a new universe of threats that keeps expanding,” said Bob Krohn, partner at ISG. “Companies are quickly building capabilities to secure both operational technology and mobility.”

While machine-to-machine (M2M) communication and machine learning have helped industrial firms improve quality, maintenance and machine life, many are now using a complicated mix of legacy OT and connected technologies that is rife with security gaps. Their current OT security solutions often need more visibility into IoT, mobile and wireless assets. Enterprises are looking for easy-to-deploy solutions that can display all assets.

Most companies with OT security challenges are implementing systems for detecting and proactively derailing threats, while some are also deploying tools that use decoys and deception to throw off attackers.

ISG predicts the next wave of OT security solutions will focus on big data. These will collect similar information from multiple customers, especially manufacturing firms, and create a data lake where machine learning algorithms generate security insights and recommendations.

Worries about mobility security are especially intense in the automotive industry, intensified by the growing number of cyberattacks against cars and the introduction of new regulations that impose requirements for protecting vehicles. Major automotive dangers include global navigation satellite system (GNSS) spoofing, which can allow attackers to take control of a vehicle, ship or aircraft, and threats that take advantage of the growing number of sensors around modern vehicles.

To counter these threats, automotive OEMs and suppliers are taking advantage of emerging tools from mobility security providers, including firewalls, intrusion detection and prevention systems (IDS/IPS) and software running on microcontrollers and CPUs.

“Mobility security is top of mind for the auto industry, given the rise in attacks against connected cars,” said Jan Erik Aase, partner and global leader, ISG Provider Lens Research. “The new smart vehicle platforms require smart security, and providers are stepping up with new solutions.”