Lack of proper network security can cost the company up to 17 million pounds
Automation of production processes is one of the important distinguishing features of modern economies in the world. Modern and very serious problem are cyber attacks directed to industrial networks (OT - Operations Technology). One of them was Industroyer in June 2017, which among others he attacked power plants, waterworks, and gas switching stations, directly controlling the switches and switches located in electrical substations. To this end, he used industrial communication protocols used in power infrastructure, transport control systems and other critical critical infrastructure systems (water, gas) that are used around the world. Securing the network and such systems, and hence - industrial networks, is significantly different from the protection of corporate networks.
Industrial networks are equally exposed to cyber attacks as corporate networks. As experts from Stormshield point out, cybercriminals are increasingly breaking control systems. Such activities paralyze the work of key industrial institutions, exposing them to huge losses. You can prevent them, among others by forcing them to use appropriate security. This move was decided by the British government, which ordered the largest entrepreneurs to increase the level of protection of their corporate networks. Failure to comply with this order may result in a £ 17 million fine!
In corporate networks, we can control network traffic using a firewall or implement advanced anti-virus programs. Updates of computer stations or operating systems of control devices in industrial networks are difficult due to the continuity of production processes. As a result, some companies deliberately avoid process downtime and carry out updates even every few years. Thus, they risk and create conditions for cybercriminals who can break their security - explains Piotr Kałuża, team leader from Stormshield, a company specializing in the protection of business network connections to the Internet.
Even 17 million pounds penalties for lack of security
In accordance with the Directive of the European Parliament and of the Council (EU) dated July 6, 2016 all European Union countries are obliged to ensure a high level of security of network and information systems. The United Kingdom, negotiating its exit from the Union, decided to face cyber threats. That is why, at the end of January, it announced the introduction of its own directive, which will oblige enterprises from key sectors of the British economy to adequately secure their industrial networks. In the case of attacks or serious system failures, resulting from the lack of reliable security against cyber attacks, enterprises, starting from May 10, 2018, will be able to be punished with an amount of up to 17 million pounds.
Protection of industrial networks is difficult but feasible. Problems are not only the updates, but also the specifics of the systems' operation - they operate in difficult conditions, where there is low or extremely high temperature, there are shocks, there is dust, electromagnetic interference occurs. Contemporary devices of the Next Generation Firewall and UTM class meet such needs - thanks to the sealed housing they are resistant to difficult working conditions, they detect gaps in systems, they also protect advanced industrial protocols - adds Piotr Kałuża.
Large enterprises, not only British ones, are exposed to financial penalties for the lack of adequate safeguards, but most of all to the negative effects of attacks carried out by cybercriminals. As a result, blackmail may occur, blocking production processes, and thus generating huge financial losses that may disturb the company's position on the market.
Learn more about our offer
We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.