In the movie Green Book, which tells the story of the friendship between famous black jazz pianist Don Shirley and his driver during the transitional period at the end of the segregation era, there is a dramatic scene. In it, the pianist talks about how he is not white enough to be accepted as an equal, and at the same time not black enough because of his profession and way of life. And he ends with an impassioned outburst: “Tell me, what am I?”
In the tech world, there is a similar transitional period that could be metaphorically described as the “emancipation of cybersystems”. Many systems from the information technology world are becoming “not IT enough” as they gain access to the physical world. In turn, systems from the world of industrial or operational technology (OT) are becoming “not OT enough” because, for example, they are connected in a network or have a high proportion of IT components.
For example, we started connecting industrial CNC machines to the cloud. This was done by connecting an IoT gateway for data collection directly to the controller inside the machine. The gateway collected data from the controller and sent it to the cloud platform. As a result, the machine was essentially no longer an OT system, but a cybersystem with both OT and IT components.
This is happening everywhere today. After all the fuss about the metaverse a few years ago, industrial giants are now actively discussing the concept of an “industrial metaverse”. According to a recent report by MIT Technology Review and Siemens, the associated market will grow tenfold to $100 billion by 2030.
The Industrial Metaverse will be a digital world that mirrors and simulates real machines, factories, buildings, and entire cities and transportation systems. The seamless integration of the real and digital worlds will empower people and companies to solve real-world problems.
So, both a machine in a manufacturing plant connected to the cloud to collect telemetry, and a smart lock in a smart home, like the black pianist in Green Book, can communicate in an equally dramatic fashion: “Tell me, what am I?”
This whole story about the emancipation of cybersystems has naturally led to a proliferation of security issues.
For example, safety has traditionally not been as critical in the IT world as it is in the OT world. Now that systems have both components, that is changing. And, for example, information security, which has traditionally been less important in the OT world than in the IT world, is becoming critical there as well.
Historically, the IT and OT worlds have evolved in parallel with little overlap, so their approaches to defense and data transfer protocols are fundamentally different. Therefore, simply combining the systems results in a much larger attack surface. OT systems can be attacked from the IT side, and vice versa. For example, industrial equipment can be attacked from the IT infrastructure side and disrupt the technological process. This has happened more than once in practice.
The way out of this situation is to build security into the design of systems, considering their usage scenarios and their combined (IT+OT) nature.
And the Cyber Immune approach explains how.
In the movie Green Book, which tells the story of the friendship between famous black jazz pianist Don Shirley and his driver during the transitional period at the end of the segregation era, there is a dramatic scene. In it, the pianist talks about how he is not white enough to be accepted as an equal, and at the same time not black enough because of his profession and way of life. And he ends with an impassioned outburst: “Tell me, what am I?”
In the tech world, there is a similar transitional period that could be metaphorically described as the “emancipation of cybersystems”. Many systems from the information technology world are becoming “not IT enough” as they gain access to the physical world. In turn, systems from the world of industrial or operational technology (OT) are becoming “not OT enough” because, for example, they are connected in a network or have a high proportion of IT components.
For example, we started connecting industrial CNC machines to the cloud. This was done by connecting an IoT gateway for data collection directly to the controller inside the machine. The gateway collected data from the controller and sent it to the cloud platform. As a result, the machine was essentially no longer an OT system, but a cybersystem with both OT and IT components.
This is happening everywhere today. After all the fuss about the metaverse a few years ago, industrial giants are now actively discussing the concept of an “industrial metaverse”. According to a recent report by MIT Technology Review and Siemens, the associated market will grow tenfold to $100 billion by 2030.
The Industrial Metaverse will be a digital world that mirrors and simulates real machines, factories, buildings, and entire cities and transportation systems. The seamless integration of the real and digital worlds will empower people and companies to solve real-world problems.
So, both a machine in a manufacturing plant connected to the cloud to collect telemetry, and a smart lock in a smart home, like the black pianist in Green Book, can communicate in an equally dramatic fashion: “Tell me, what am I?”
This whole story about the emancipation of cybersystems has naturally led to a proliferation of security issues.
For example, safety has traditionally not been as critical in the IT world as it is in the OT world. Now that systems have both components, that is changing. And, for example, information security, which has traditionally been less important in the OT world than in the IT world, is becoming critical there as well.
Historically, the IT and OT worlds have evolved in parallel with little overlap, so their approaches to defense and data transfer protocols are fundamentally different. Therefore, simply combining the systems results in a much larger attack surface. OT systems can be attacked from the IT side, and vice versa. For example, industrial equipment can be attacked from the IT infrastructure side and disrupt the technological process. This has happened more than once in practice.
The way out of this situation is to build security into the design of systems, considering their usage scenarios and their combined (IT+OT) nature.
And the Cyber Immune approach explains how.