Protecting Industrial Operations from Cyberattacks
By Jan Hogewoning | Thu, 01/21/2021 - 09:10
Q: What are the primary cyberattacks against operational technology, also known as OT, in Mexico?
A: In the old days, we used to see attacks that were neither directed nor intelligent. Viruses would infect operational networks in plants and slow them down. Now, attacks are more sophisticated. Criminals are seeking to obtain sensitive information or sabotage a critical system to elicit a financial ransom. The attackers want to stay anonymous as opposed to gaining notoriety. With the emergence of Industry 4.0, operational networks are being connected to the internet. While it has made them more agile, it has greatly increased the level of exposure. Before, a worker would connect to a sensor or a measurement instrument at their workstation. Now, with the Internet of Things, connections are being made from many more points and by more people.
Q: Industrial infrastructure is often decades old. How does this affect the ability to secure it?
A: When we speak to a client, we often make the comparison between the corporate network and the operational network. Corporate networks tend to have a life cycle of three to five years. After that, hardware such as PCs and servers is renewed. For an operational network, robots and all the technology that composes the network have a life cycle of between 20 and 25 years. While it has better longevity, we call it obsolete at times. Obsolete tech can complicate the integration of software. Patches, for example, are often not updated. In our holistic approach to cybersecurity, we take into account that some systems are obsolete and design our solutions and services so this does not become an obstacle. One issue is that plant owners may think their technology is not at risk of cyberattacks because it is old. This is a false notion.
Q: Is it necessary to invest in new industrial infrastructure or can you be protected with the latest adapted cybersecurity?
A: You can protect older infrastructure with adequate solutions and services. At the end of the day, an investment in operational technology is something you do every 20 years. However, if you do not protect against cyberattacks, you may end up having to invest twice as much in new infrastructure. This is because a hack can really damage installations. There are situations when malware can heat up a sensor to the point of causing an explosion in the plant. This puts not only production at risk but also human lives.
Q: What is your methodology for implementing cybersecurity solutions?
A: We work with a multilayered approach based on five zones. The first zone is the industrial floor. Using AI, we see how the industrial plant operates, including its sensors and measurement tools, and implement a cap to protect it. Then we have zone 1 and zone 2, based on telecommunications and SCADA networks. We integrate services to protect both privileged and nonprivileged users and their credentials. We use AI to detect any lateral movements of malicious actors. We use traps to identify if malware is present in the operational network. Lastly, zones 3 and 4 are where the operational network converges with the corporate network. Apollocom protects both the operational network and the corporate network because there are always connections between the two.
Q: How frequently does a cyberattack on OT involve an employee of the company?
A: Eighty percent of cyberattacks go through employees. Some have malicious intentions; others are unaware. There are many people who are not cyber aware. They might open an email from a suspicious account or find a USB in the hallway and plug it into the industrial control system. This is why it is so important for organizations to focus on raising awareness of cybersecurity risks, both at the corporate and the operational level.
Q: What training do you provide to clients?
A: Many companies, when they experience an attack, go into full panic mode. They do not know how to act and lose precious time in the process. Beyond awareness training, Apollocom provides technical training for the cybersecurity specialists in a company. This makes them ready to prevent and also react to attacks. We offer the world’s leading hyper-realistic cyber training and simulation platform. This enables organizations to set up and manage their own cybersecurity training centers. The simulated environment is injected with traffic, simulating typical activity, such as user emails, web-surfing and server communications, to create multiple comprehensive training scenarios. We ensure the training, procedures and technologies are all in a safe and controllable environment. It accelerates qualification, reduces certification time and produces staff who are more competent and up to date.
Q: In which industries are you the strongest?
A: We have a great deal of experience in midstream, upstream and downstream oil and gas operations. We also are present in the energy sector and are further diversifying into the food and beverages and the pharmaceutical industries. Our parent company, Grupo Apollo, has been present in the oil and gas industry for more than 30 years. This has been helpful for opening doors and being able to increase our value by offering additional cutting-edge solutions.
We can proudly say we are pioneers in implementing OT cybersecurity solutions with clients like CENAGAS, PEMEX, Grupo Peñoles, McDermott and ICA. In 2021, our goal is to expand our portfolio further into power generation, renewable energy, food and beverages and pharmaceutical. We have also developed a top-tier solution for fuel storage terminals.
Q: What are your expectations for 2021?
A: As the pandemic taught us in 2020, we are heading to a 100 percent digital world. With the arrival of Industry 4.0, vulnerability to cyberattacks is increasing. We are expecting organizations to become more aware of the issue and realize how important it is to allocate resources to it. We are determined to offer top-notch technology to comply with the latest standards.
Apollocom works with top-tier companies to implement cybersecurity solutions and services for the protection of operational technology networks in industrial systems. The company is present in the midstream, upstream and downstream oil and gas industries, as well as the energy, food and beverage and pharmaceutical sectors.