Top cybersecurity leaders of India’s leading manufacturing organizations identify the OT-led vulnerabilities and advocate the mitigating roadmaps. CXO News & APAC News Network captures their visions and suggested action plans.
In an era where digital transformation is reshaping industries, the manufacturing sector faces a unique set of cybersecurity challenges. As manufacturers increasingly integrate advanced technologies into their operations, the convergence of Operational Technology (OT) and Information Technology (IT) introduces both opportunities and vulnerabilities. This blend of legacy systems with modern innovations has made cybersecurity a critical concern, as the sector grapples with complex threats ranging from ransomware attacks to supply chain vulnerabilities.
A few eminent cybersecurity leaders from manufacturing organizations including Ambarish Kumar Singh, CISO, Godrej & Boyce Manufacturing, Mansi Thapar, Head of Global Cybersecurity, Apollo Tyres, Sudipto Biswas, CISO, Emami and Baidyanath Kumar, Chief Information Security Officer, JK Lakshmi Cement highlighted the need for a robust and adaptive cybersecurity strategy, one that balances the demands of IT and OT security.
Joining them in a webinar organized by APAC News Network, others including Sanjay Sharma, Head of IT Infrastructure and Cybersecurity, , Alok Shankar Pandey, AGM-IT and CISO, Dedicated Freight Corridor Corporation of India and Celestine Thomas, GM, IS & Digital Technology, Nissan Digital concurred. Everyone underscored that safeguarding manufacturing infrastructure requires a multifaceted approach. As the manufacturing sector continues to evolve, securing its digital future remains paramount to maintaining operational integrity and resilience.
A Critical Examination of OT Security Challenges
Unlike IT security, which primarily emphasizes confidentiality, integrity, and availability, OT security is predominantly concerned with availability. Several IoT deployments in manufacturing organizations have faltered in recent times due to the lack of consummation between these IT and OT systems.
Amarish Kumar Singh, CISO, Godrej & Boyce Manufacturing, underscored this critical distinction citing the severe consequences of OT breaches, such as those affecting power grids, where the impact can extend beyond financial losses to potential loss of life. “OT breaches, such as in power grids, can have catastrophic consequences, including loss of life. The focus must be on maintaining the availability of critical systems,” he emphasized.
There are complexities inherent in managing OT security, particularly in environments that combine legacy systems with modern technology. Mansi Thapar, Head of Global Cybersecurity, Apollo Tyres, addressed these challenges, through the issues related to network architecture attrition and the complications introduced by cloud environments.
“Challenges include network architecture attrition, human factors, and the use of removable media. The shift to cloud environments also complicates security,” outlined Thapar even as she advocated improved visibility into OT networks to better identify and mitigate vulnerabilities.
Standardization and Continuous Assessment Sudipto Biswas, CISO, Emami emphasized the need for a standardized approach to security practices and ongoing monitoring of OT devices. “Understand the importance of standardization and continuous assessment in managing risks within manufacturing environments. Create a culture of security that involves standardizing protocols and continuously monitoring OT devices.” This approach will automatically help in managing risks effectively, he believes.
Baidyanath Kumar, Chief Information Security Officer, JK Lakshmi Cement, was concerned about the convergence of IT and OT systems, driven by Industry 4.0. This integration often introduces new vulnerabilities that require robust cybersecurity measures, he observed, “The integration of IT and OT systems, driven by Industry 4.0, exposes OT systems to new vulnerabilities. Ensuring robust cybersecurity measures is essential to safeguard against such targeted attacks and supply chain risks,” he concluded.
Addressing IT Vulnerabilities and Supply Chain Security
Sanjay Sharma, Head, IT Infrastructure and Cybersecurity, Shram Pistons and Rings, and Alok Shankar Pandey, AGM-IT and CISO, Dedicated Freight Corridor Corporation agreed on addressing these vulnerabilities within IT systems and the supply chain security. The increasing threat of ransomware attacks and the subsequent need for proactive security measures offer ample testimony to these concerns.
“Regular audits and vulnerability management are crucial for maintaining cybersecurity in manufacturing settings,” emphasized Sharma “Regular risk assessments and VAP audits are essential for identifying and mitigating risks. Manufacturing setups need to address email security and protect against advanced threats such as spear phishing,” added Pandey.
Protecting against supply chain attacks was also high on Baidyanath Kumar’s agenda. JK Lakshmi Cement has outlined security evaluations for SaaS products, guiding suppliers on compliance, and conducting security assessments.“Supply chain attacks and their protection are part of our budget this year. We conduct security evaluations for SaaS products, ensure proper data security, and draft contracts with robust clauses to protect against breaches,” he informed.
The Evolving Threat Landscape and Best Practices
The evolving threat landscape in the manufacturing sector obviates a comprehensive approach to cybersecurity. Celestine Thomas, GM, IS & Digital Technology, Nissan Digital emphasized the importance of integrating privacy by design into manufacturing practices. This ensures that data protection measures are embedded from the outset. “This approach, coupled with continuous monitoring and adherence to regulatory requirements, forms the cornerstone of effective cybersecurity strategies in manufacturing,” he observed.
All the cybersecurity leaders discussed threadbare the challenges specific to the manufacturing sector and zeroed in on the critical need for a multifaceted approach to security, encompassing better network visibility, standardized practices, and adaptation to the convergence of IT and OT systems. “Addressing these challenges proactively is essential to safeguarding manufacturing infrastructure against potential cyber threats,” added Thapar.
As the sector continues to evolve with advancements such as Industry 4.0, maintaining a robust cybersecurity posture remains a top priority for manufacturing organizations worldwide, believed Biswas. The critical insights culminating from the APAC News Network discussion could serve as a valuable fiture ballpark for the manufacturing sector in designing their cybersecuruity roadmaps.
Swapnil Mishra & Rajneesh De, APAC News Network
Discussion about this post