One of the key lessons learnt from the Covid-19 pandemic is the value of resilient and flexible networks.
Resilient networks help organisations to prepare for unexpected shocks such as the current pandemic. According to RSA, resiliency is about having the ability to survive disruption that could include natural and manmade disasters, cyberattacks, economic downturns and loss of public infrastructure, among others.
In a year full of bad news, one of the few success stories across the globe has been the dramatic increase in remote collaboration that has kept the lights on despite the grim situation caused by the pandemic.
Employees have been working from their homes and collaborating with each other remotely. Companies are conducting sales meetings and deals via video conferencing solutions. Medical researchers working in labs across the world have been consulting with each other remotely in their effort to find a vaccine for Covid-19. Educational institutions have moved to online pedagogy to ensure that students don’t miss out on their education due to closure of teaching institutions.
All of this has been made possible due to the resiliency of networks which, by and large, have survived the exponential increase in bandwidth usage and also cyber-attacks as bad actors try to take advantage of the increased online traffic. It is useful to remember that prior to the current crisis, very few organisations would have conceived of a situation where, for example, almost all their staff would be working remotely through home networks that are not very well secured.
Apart from resiliency, innovation has also played a big part in ensuring a smooth transition to a remote way of doing things. The success of remote collaboration and work is not due to any sudden breakthrough technologies. Rather it is due to the innovative use of existing technologies.
Teachers are using new teaching models to make online lessons enjoyable for students; many companies are using video conferencing not only for meetings but also to ensure that employees are able to bond together and share ideas as they would normally do in an office environment. Welcome to the world of “virtual” lunch meetings and beer parties!
A CEO of a large enterprise software company recently shared with this writer that he was pleasantly surprised to find out that his sales department had chalked out a process whereby they could install on-premise software for their customers using remote access and video conferencing. Previously, such installations used to involve multiple site visits for week on an end.
These examples bring us to directly to the connection between resiliency and innovation. Both pre-suppose the ability to be flexible as well as proactive. A resilient network does not wait for bad things to happen (in the form of cyberattacks or outages) before adjusting or adapting. Resilient networks and organisations have the built-in flexibility to tackle unexpected events and adapt on the go.
Similarly, innovation happens when workers or organisations stretch the boundaries of what they are doing and come up with ideas and systems that often involve a new way of doing things. Both innovation and resiliency require the ability to evolve with time and situation and come up with a new paradigm.
Talking about new paradigm, 5G is set to revolutionise communication and connectivity. A key feature of 5G is low latency and this will make possible the mass scale adoption of many new technologies, systems and processes. To give two examples, largescale use of autonomous vehicles on roads and untethered robots on the factory shop-floors will become a possibility once 5G becomes mainstream.
5G will dramatically empower the fourth industrial revolution, also called Industry 4.0. Already new autonomous technologies are bringing about dramatic changes on the production floor of factories and industrial set-ups as digitalisation, advanced robotics, Industrial Internet of Things (IIOT) and other network-linked digital technologies blur the lines between what is digital and what is physical on a factory shop floor.
There are already examples where maintenance engineers use what is called a “digital twin”, that is the digital representation of the factory shop floor, to predict which machinery part could become defective, even before it stops working.
While organisations, particularly those involved in industrial manufacturing, are embracing Industry 4.0, there is an increasing realisation that while this merger of the digital and physical world in the industrial landscape allows for tremendous possibilities, cybersecurity is a major concern and a potential stumbling block in ensuring that the resiliency of their networks remain intact.
Industrial control systems, collectively known as OT (operational technology) networks, help run the machinery in industrial infrastructure. They are the central nervous system of any modern industrial facility, be it large manufacturing units or public utilities such as power plants and waste water treatment plants. OT components like programmable logic controllers (PLCs) and Scada (supervisory control and data acquisition) systems are vital in the functioning of large industrial facilities. However, OT networks are increasingly being seen as weak links in terms of cybersecurity.
It is not hard to understand why. These networks have been around for a long time and legacy OT systems were never designed with (cyber) security in mind since they were meant to operate within isolated silos and never conceived of being connected to external networks.
As companies modernise to take advantage of Industry 4.0, they are connecting legacy OT systems to their IT networks in order to allow for remote access to PLC, Scada and other such systems. As a result, there is no longer a physical gap between the OT and IT networks.
OT networks are being increasingly exposed to outside risks due to remote sensors being hooked up to them for a variety of use cases. Due to this exposure and the criticality of services, OT networks have become attractive to hack and breach. There are a growing number of OT exploit kits available in the Dark Web and also monetisation options of exploits through ransomware.
There is a saying in the cybersecurity industry that a network is only as strong as its weakest point. While a hacker may find it difficult to access the database of, say a power utility which sits on a secure server, the same hacker may not face the same difficulty in accessing an autonomously transmitting temperature sensor strapped on to a generator. Since the IT and OT networks are joined hacking the sensor gives the hypothetical hacker a backdoor access to the data base despite stringent measures.
With the IT and OT networks becoming one, there is a vital need to plug the gap and bring OT cybersecurity up the priority list. Fortunately, there is a global awareness of the threat and many governments, like that of Singapore have taken measures to protect OT networks. Last year, the Cyber Security Agency of Singapore (CSA) released its OT Cybersecurity Masterplan to enhance the security and resilience of Singapore’s Critical Information Infrastructure (CII) sectors. Other countries have also come out or are in the process of coming out with similar guidelines.
The increasing convergence of corporate IT and production OT networks offer tremendous advantages despite the security risks. An effective unified approach to cybersecurity will overcome traditional organisational challenges between IT and OT teams, so that OT engineers can focus on maintaining services without becoming security experts, and IT security has the insight they need to effectively understand and manage risk for both networks.
In conclusion, organisations need to keep on building the resiliency of their networks even as they evolve. This will fuel innovation and in a digital first world, the combination of the two will propel the economy on a new growth trajectory that will help to quickly overcome the economic devastation caused by Covid-19.
Amit Roy Choudhury, a media consultant, and senior journalist, writes about technology for GovInsider.