31 Mar Cybersecurity: time to act!
In our last ECA Newsletters, we have been talking about the rapid expansion of cyber criminality.
There is no magic in that. Internet connexions are now everywhere. IT systems have become vast puzzles with massive connectivity to the world outside, they include abounding internal links, to the point where sometimes the IT team has no clear and complete view of them.
Moreover, for most companies and organizations, the disruption of their IT systems is now a synonym of partial or total disruption of service. See what happened when French hospitals have been hit by ransomware with the patients’ files being encrypted and no other way to be sure of the treatments to deliver was available.
We have seen how remote working and BYOD have extended the « attack surface ». Today, we would like to talk of another lever for expanding vulnerabilities, that is the transformation of industry productive processes with sensors and systems everywhere.
As we all know, the factory of tomorrow will rely on a crowd of sensors. They will check possible deviations from the normal process or from quality standards, and measure productive parameters to keep the process seamless. In the future, they will provide information allowing to process orders to suppliers, give notice to distributors, interact with the company’s logistics.
That’s the white side of the coin. The dark side of it is that, once again, the attack surface potentially available for a cybercriminal will be much wider. Sensors can be disrupted and their data modified. False information can be sent. Or production data can be spied on.
Unprotected IoT can also trigger massive attacks elsewhere: a few years ago, the WannaCry attack was due to hackers having silently taken control of thousands of connected public cameras, they managed to launch a vast Deny of Service attack by using the cameras to send a tsunami of disrupting messages to Web sites and nodes.
Happily enough, the European Cyber industry has been working on these issues and is now able to provide solutions, for instance, to make sure connected objects remain under the control of their owner and send uncompromised data where it should duly be sent.
So, as Industry 4.0 is spreading, the situation is: solutions exist to protect connected processes, they cost by far less than a disruption in manufacturing, they can be provided by companies not far from you.
Time to act!
Dominique Tessier, Cybersecurity focus group leader