COMMENT
The era of intelligent operations has already arrived, but some cybersecurity operational processes are a thing of the past. As older members of Gen Z begin their careers, they bring new expectations for digital experiences into the workplace. This trend has important and promising implications for operational technology (OT) security that can push organizations to become more secure, resilient and efficient.
Until now, accessing OT systems used in the manufacturing, energy and critical infrastructure sectors has often been a slow, cumbersome and not particularly secure process. OT systems, some with decades-old technology, use industrial protocols with limited security capabilities weak remote access protocols. These legacy components have limited user access management capabilities that require additional access management solutions. The result is that authorized users must complete additional authentication steps, often with different credentials, to gain access.
Why is this still the case in the age of facial recognition and fingerprints? In short, the system was maintained by more experienced employees, so no one saw the point in changing it. However, as younger workers come on board, legacy systems are no longer keeping pace with their generation’s habits, skills and technological expectations. Organizations that put in the effort to meet their needs can reap multiple benefits.
Better employee experience can improve retention
Employees frustrated or confused by legacy security processes are less likely to be fully engaged in their work and more likely to quit. This is especially true for younger workers. Half of Generation Z workers say this they will leave their jobs that provides poorly functioning or obsolete technology.
Improving retention rates can always help companies control costs, but in today’s manufacturing industry, employee retention is more urgent. More than 80% of manufacturers reported labor shortages in 2023, and onboarding new staff and contractors requires investments in specialized training, unique processes, safety and operational efficiency. By starting to modernize OT security processes and practices now, manufacturers can gain a competitive advantage in recruiting and retaining younger, more skilled workers compared to companies that take a wait-and-see approach.
Improved safety, security and compliance
The smart factory transformation, using industrial Internet of Things (IoT), cloud computing, Industry 4.0 and OT-IT convergence, supports faster and more frequent user login sessions. This increases the need to enable remote access to critical data and devices to remote workers and third parties. It also creates new access models that require more advanced access management solutions, such as fine-grained access with least privilege.
Improving access control is critical to operations and security. Incidents such as repeated cyber attacks national electricity networks and even consumer packaged goods (CPG) plants. have shown that legacy security practices are no longer sufficient to protect OT systems, especially now that OT and IT are inextricably linked. High-profile targets aren’t the only ones who suffer attacks like these; in 2021, 73% of organizations with smart factory operations reported this at least one cyber attack within the previous 12 months.
While cybersecurity must expand to monitor and protect OT equipment and systems, workers must also be connected and visible. For example, safety-critical jobs such as those in refineries and on oil rigs can monitor the location and health of workers in real time. Such monitoring requires automated identity authentication and geolocation, along with access to personal health information and other sensitive data.
Comprehensive and streamlined cybersecurity is important for this type of functionality, data protection, compliance and improved user experience. In addition to improving the employee experience and making work easier for tech-savvy employees, improved security processes can reduce data loss and downtime caused by login difficulties and time spent waiting for credentials.
Building a modern OT cybersecurity program
Based on data collected from OT security leaders across multiple industries, organizations with the most mature OT cybersecurity programs follow a consistent set of best practices. These begin with evaluating the organization’s comprehensive cybersecurity profile to identify areas that need improvement.
Next, these organizations cultivate a culture of awareness around cybersecurity threats to smart factories and converged business and OT operations. Because there are so many potential entry points for threats, security is a collective effort that is often directly related to security.
With a growing security culture and a set of cybersecurity benchmarks, an organization is poised to decide who holds risk management for OT cyberattacks. It is also ready to apply a framework like NIST OR ATT&CK MACHINE GUN to defensive controls that monitor cybersecurity and identify areas for improvement. Participation in industry information sharing groups such as MFG-ISAC it can also help organizations learn about new threats to the industry as they emerge. Risk owners can then use industry knowledge with a proven framework to implement the appropriate defensive controls for their converged OT/IT environments.
Finally, mature OT cybersecurity requires comprehensive governance, oversight, and periodic assessments to help security tools, processes, and access keep pace with the evolving threat landscape and employee needs and expectations.
Forward-thinking OT security supports future innovation
As Gen Z expectations push employers to improve and upgrade OT security, they are also helping to shift the industry toward new capabilities. As OT, IT, IoT and other infrastructure continue to converge and leverage emerging technologies, organizations will have new opportunities for greater process automation, smart-factory, building innovation and supply chain optimization. All of these changes require the kind of modern, efficient, and easy-to-use security processes that Gen Z has come to expect.