18 Mar Critical Infrastructure security threats observed in new white-paper
Facilities Management (FM) and IT professionals are working more closely than ever before to defend the built environment from cyberattack. In the worlds of OT (operational technology) and IT (information technology), the new buzzword is ‘electrification’ and that’s because power supply is critical to digitalisation. To address the issues this raises, Eaton has just launched a new whitepaper called ‘The importance of life cycle cybersecurity in mission critical power infrastructure’.
The whitepaper explains how components such as switchgear, automatic transfer switches (ATS), uninterruptible power supplies (UPS), transformers, breakers, and protective devices – together with the programmable logic controllers (PLC) and commercial off-the-shelf (COTS) switches, routers, and firewalls used to integrate them into an OT control and monitoring network – can form an attack surface from which cybercriminals can gain access to a business and interact illicitly with its systems.
The whitepaper explores what can be done to prevent this happening by plugging security gaps and introducing regular monitoring and upgrade routines with signed software to guarantee authenticity. It includes a useful supply chain cybersecurity checklist.
As more aspects of our economy – including our vehicles – are electrified, every physical and digital link throughout our built environment must be secured. Systems that traditionally were standalone such as heating, ventilation and air conditioning (HVAC), indoor and outdoor lighting, and power supplies to car parks are increasingly sophisticated and necessarily interlinked, so they must be protected ‘as one’.
Cybercriminals can enter a business IT system and attack all parts of it through a single weak link such as an office printer, ceiling lights or an electric vehicle charging point. The only way to prevent this is by auditing every component and introducing new routines to ensure that the cybersecurity measures protecting them, and the links between them, remain up to the task. Signed software to guarantee the authenticity of upgrades is crucial.
Ashraf Yehia, managing director of Eaton Middle East, said: “We have noticed how buildings owners and managers, and the FM and IT professionals who work for them, assume all entry points into their systems are covered when they may be open to attack. Our intense focus on cybersecurity means we are aware of those entry points and can offer solutions and advice. Defending the building in a unified way, and keeping up a continuous guard, is vital.