The digitalisation of manufacturing: a security nightmare?

John Allen, strategic pharma consultant, Radiflow
www.radiflow.com

The manufacturing sector is innovating at rapid speed thanks to the industry's embrace of digitalisation and the Internet of Things (IoT). These technologies have enabled previously disconnected tools and systems to work together and share data, providing a more comprehensive and accurate view of the manufacturing process. While digitalisation in manufacturing has driven many improved outcomes for both manufacturers and customers, such as improved efficiency and quality, it also comes with an inevitable drawback – increased cyber risk.

The balancing act between digital transformation speed and security

To strike the right balance between digital transformation speed and security, business leaders should first look at the size of their company and its reliance on data and automated processes. Big companies with high revenue, for instance, risk a lot by pursuing digital transformation without a strong cybersecurity foundation. Take a large manufacturing company that relies heavily on automated processes as an example – it may be more inclined to invest in cybersecurity measures that slow down its digital transformation efforts. This may sound like a setback; however, a cyberattack on this type of organisation could have devastating consequences and cause a huge amount of disruption. A company at this scale should be recognising the ‘cyberdebt’ that comes with digital investment, and ideally factoring that into the ROI for going digital.

On the other hand, a smaller manufacturer that relies more on manual labour than process automation may be more willing to take risks with its digital transformation efforts. This is because a cyberattack on this type of company may have less of an impact – or at least that’s the perception.
Ultimately, the decision of how to balance the pace of innovation and level of security is a complex one that must be made on a case-by-case basis. Regardless of the size of the manufacturer, it is important to be aware of the risks involved in pursuing digital transformation without a strong foundation in cybersecurity.

Cybersecurity concerns around OT technology

Historically, operational technology (OT) assets functioned independently. Fast forward to today, and there has been a real shift towards connecting these assets to a network in order to streamline administrative processes and improve quality and information-sharing. At the same time, this increased connectivity also presents a significant challenge for manufacturers as it expands their attack surface and exposes them to a higher risk of cyber threats.

The first issue stems from the fact that legacy OT assets in the manufacturing sector weren’t designed with cybersecurity considerations in mind because there was no need for them. They were isolated from connected networks and only faced a fraction of the risks they face today. But with OT systems becoming increasingly connected, OT security shouldn’t be an afterthought, but rather, a top priority.

Another pressing concern is the management of OT networks. Traditionally, manufacturers focused on physical safety and functionality, with cybersecurity taking a back seat. However, this approach is no longer sufficient in today’s landscape, and cybersecurity needs to be prioritised. Attacks are becoming increasingly frequent and, in some cases, arguably more sophisticated, posing a threat to the industry.

According to IBM’s Security X-Force Threat Intelligence Index 2023, the manufacturing industry experienced the highest number of cyberattacks worldwide in 2022, with ransomware being the primary threat. In fact, one out of every five ransomware attacks specifically targeted manufacturing firms, and this is only increasing.
Where to start

In light of these concerns and considerations, the question is: what is the first step manufacturers should take? The answer is that they should take a proactive approach to developing a robust cybersecurity plan, as IT and OT systems continue to converge and become more connected.

To address these risks, organisations need to re-assess their security strategy and culture. A key first step is to know what OT assets you have, how they relate to key business processes/products and what level of risk is present; this will set the foundation for the strategy and plan. While there may be initial hurdles along the way, it cannot be emphasised enough how essential it is for IT managers and business leaders to develop a strong cybersecurity strategy that takes into account people, processes and technology.

Keep your team cyber aware

First, let’s dive into people. One of the most important factors manufacturers can’t lose sight of is the human aspect of cybersecurity. Even if a manufacturer invests in the most advanced security solution, it can be rendered ineffective without skilled people and experts operating it. It requires IT managers and business executives to keep up to date with the cybersecurity landscape and the latest threats to help them combat potential risks and attacks on their OT systems.

Key stakeholders within the organisation must also be actively involved and make regular cyber awareness training effective for all employees across the business. It takes a team effort to protect your organisation from cyberattacks – it’s not a one-person job. Securing OT as well as IT systems requires an approach that includes support and commitment from all levels of the business as well as a partnership between Security Operations, Manufacturing IT and Manufacturing (shop floor/labs) Engineering.

What’s more, IT and OT operational teams need to consider their mindset around cybersecurity tools. They should not be used as a ‘set it and forget it’ solution.
Cybersecurity tools are designed to make life easier for the personnel responsible for security - they are not a replacement for human expertise.

Benefits of clear processes

Manufacturers need to implement clear processes to proactively manage and mitigate cybersecurity threats. These span modified operating procedures and security procedures/standards. This includes conducting a posture assessment and risk assessment, using threat intelligence and modelling, as well as obtaining cyber insurance. These steps are important because they will help organisations to identify threats in a timely manner, respond to threats efficiently, and learn from past incidents which can be used to improve the organisation’s posture in the future.

The technology ‘shield’ for manufacturers

As well as having clear processes, automated technology plays a central role in protecting organisations from cyberattacks. It achieves this by providing complete visibility into IT/OT networks, which allows for quick detection and response to anomalies. These technologies are also continuously updated to include any new network areas added by acquisition, new equipment purchases, or via other means.

Also, threat intelligence can help OT operators effectively manage vulnerabilities, conduct risk evaluations and simulations to help them understand the next best step to preventing a breach. Since it's impossible to mitigate every threat, a risk-based approach prioritising the largest and most detrimental threats is vital when it comes to maintaining system security and maximising ROI.

60% of malware introduced into a company comes via its people

Digitalisation and IoT offer a myriad of benefits for manufacturers, but it’s crucial to remember that they also expose them to heightened cyber risks. A single cyberattack can cause reputational damage, financial losses, and even operational disruptions.
To mitigate these risks, manufacturers must prioritise cybersecurity in their long-term strategies. This requires a holistic approach that considers people, processes, and technology. Time is of the essence. Manufacturers must act now to protect their digital future.

Hybrid working has transitioned from cutting edge to commonplace in the last few years, and the Covid-19 pandemic has fundamentally altered the way we work. The latest figures from the Office for National Statistics (ONS) found that just under half (44%) of all UK workers reported either working from home or using a hybrid model. Notably, of the 56% who only travelled to work, most did so because their role could only be carried out on-site. Just 10% of those travelling to work full time said that they could work from home.

This shift has brought about new demands for security, networking and Zero Trust Network Access (ZTNA). Balancing user experience and network security remains a challenge for many organisations. If security controls are too tight, usability and productivity take a hit. Too loose, and the firm risks leaving itself vulnerable to cyber threats.

For decades, security measures were primarily designed for traditional office environments. However, the rapid shift to remote work during the pandemic necessitated a rethinking of these measures. As a result, ZTNA solutions, which operate on the principle of ‘never trust, always verify’, gained prominence for their ability to secure remote work.

Now, as hybrid working becomes more widespread, the demands on ZTNA are evolving. The need for security is no longer confined to just remote work. On-premises work environments also require robust security measures to protect against increasingly sophisticated cyber threats.
According to a report by Gartner, ZTNA was the fastest-growing segment in network security in 2022, and the firm predicts that by 2026, 10% of large enterprises will have a mature and measurable Zero Trust program in place. This underscores the growing recognition of ZTNA's importance in the current work environment. However, to fully leverage the benefits of ZTNA, it's crucial to adapt and extend these solutions to meet the unique demands of hybrid work.

Redefining network security for hybrid work: the merger of Zero Trust and Software-Defined LAN

Martin Mackay, CRO at Versa Networks
https://versa-networks.com/

Understanding the limits of current ZTNA solutions

Current ZTNA solutions, while effective for remote work, face limitations when applied to on-premises work environments. These solutions were primarily designed to secure remote workers, providing them with secure access to enterprise resources over the internet. However, when these solutions are extended to on-premises environments, they often fall short.

One of the main limitations is the impact on user experience. ZTNA solutions typically require all traffic to be routed through a secure gateway for inspection and policy enforcement. This process, known as ‘hairpinning’, can introduce latency, negatively affecting the performance of applications and the overall user experience.

Moreover, current ZTNA solutions often lack the ability to enforce policies inline, in real-time. This means that if a security threat is detected, the response may be delayed or only enforced at the secure gateway. Without inline enforcement, threats are not stopped from propagating ‘east-west’ across the network via ‘lateral movement’.

Furthermore, these solutions frequently struggle to provide seamless access to local resources, such as printers and IP phones, which are commonly used in on-premises environments. This can result in a disjointed and frustrating user experience.
So, while current ZTNA solutions have been instrumental in securing remote work, they still need to be modernised to effectively meet the networking and security needs of hybrid work environments.

Why the convergence of Zero Trust and Software-Defined LAN will be the next step

One of the most promising solutions to these issues is the integration between ZTNA and Software-Defined LAN, also called ‘Zero Trust Everywhere’. This convergence incorporates the ‘never trust, always verify’ principles of Zero Trust with the flexibility and efficiency of SD-LAN.

SD-LAN modernises the traditional LAN architecture with a software-defined, hardware-agnostic approach. It provides advanced automation and AI/ML-based network and security anomaly detection. This approach allows for dynamic best-path traffic selection to optimise user-to-application experience and inline Zero Trust policy enforcement at the user, device and application level.

By integrating ZTNA and SD-LAN, organisations can enforce granular, Zero Trust access policies based on continuous assessment of identity, device posture and application. This approach ensures a secure and consistent user experience across all locations.

Moreover, this convergence allows organisations to deliver an in-line ZTNA solution that can be integrated into any campus or branch architecture. This integration provides a comprehensive solution that can meet the networking and security needs of both remote and on-premises users in today's hybrid work environment.

Balancing security and user experience

The integration of ZTNA and SD-LAN is uniquely positioned to meet the demands of both networking and security in a hybrid work environment. This combination addresses the limitations of current ZTNA solutions, providing a comprehensive and efficient approach to securing both remote and on-premises work.

First, this convergence enhances security by enforcing Zero Trust policies inline, in real-time.
This means that security threats can be detected and responded to immediately, preventing them from propagating within the network. By continuously assessing the identity, device posture and application, granular access policies can be applied, ensuring that users only have access to the resources they need. And equally, the application of Zero Trust policies inline at the switch or access point closest to the user stops lateral movement of infected devices that might get access to the network, limiting the ‘blast radius’ of threats like ransomware.

Second, the integration of Software-Defined LAN improves network performance by eliminating the need for hairpinning. Traffic can be routed directly to its destination, reducing latency and improving the performance of applications. This results in a better user experience, regardless of whether the user is working remotely or on-premises.

Finally, this convergence simplifies network management. By integrating Zero Trust Security and Software-Defined LAN into a single solution, organisations can reduce the complexity and costs associated with managing multiple security products. This allows for a more streamlined and efficient approach to network management.

In the evolving landscape of hybrid work, the convergence of Zero Trust Security and Software-Defined LAN offers a promising solution to the challenges of securing both remote and on-premises work. By addressing the limitations of current ZTNA solutions and providing a comprehensive approach to network security and performance, such convergence can meet the demands of today's hybrid work environment. As we move forward, it's crucial to continue innovating and adapting our security measures to ensure a secure, efficient, and seamless work experience, no matter where we choose to work.
What to look for when replacing an uninterruptible power supply

David Bond, chairman, Centiel UK
https://centiel.co.uk/

A UPS will probably be installed and running for 10 or more years, so there is more than just purchase price to consider when buying a new one. However, there are some other, arguably more important, considerations to best ensure business continuity.

Availability and speed of repair

By their very nature, most UPS can be considered reliable and are certainly more reliable than the raw mains. High reliability is often considered to be the most important attribute for any UPS solution, and to an extent, this is fair. However, it’s maximum availability that is the most important. This is because reliability is a measure of how often something will fail while availability is a measure of how often something is available to work. They sound similar but are two very different things. Consider this:

Availability = MTBF / (MTBF + MTTR)

Where reliability is expressed as Mean Time Between Failure (MTBF) and the speed of repair is expressed as Mean Time To Repair (MTTR).

From the above equation it is clear that for any given MTBF, the lower the MTTR (i.e. the faster the repair time), the closer the system availability gets to the desired 100%. So, speed of repair should be a key purchase consideration.

Maintainability

Almost all non-modular UPS need to be switched to manual bypass while being maintained or repaired. This places the critical load at risk of raw mains power related problems because the UPS is not working.

Correctly sized modular UPS can have each individual module maintained without the need to manually bypass the whole UPS system. ‘Safe swap’ UPS modules are an upgraded version of hot swap modules that eliminate human error and make the removal and insertion of UPS modules safe to both the operator and the critical load.
The latest modular UPS is fitted with ‘safe swap’ modules that can be repaired by module replacement, without risk to the critical load, in less than three minutes. The typical repair time for a non-modular UPS is just under six hours. This is why availability of nine nines (99.9999999%) is achieved by the latest three-phase modular UPS systems.

Total Cost of Ownership (TCO): Scalability

Most UPS that are installed are oversized for the load they supply. This is because the existing load is known but the future load may not be, so an oversized one is fitted ‘just in case’. The result – a UPS that is too big and costs more to purchase, maintain and operate.

The scalable power nature of modular UPS allows you to ‘pay as you grow’ by installing a UPS frame fitted with only the number of UPS modules needed to support the existing load. If the load increases in the future, another UPS module can be quickly and easily added.

Efficiency

A UPS will be operating 24 hours/day, 365 days/year for all its working life. If it is inefficient it will be wasting expensive power and creating heat that must be cooled. To put this into context, if a 100kW UPS has an efficiency that is only 1% worse than a more efficient system, it is wasting 1kW every hour. At 50.897p/kWh (accurate at the time of writing) this UPS is wasting £4,458 p/a or £44,585 over its typical 10-year useful working life.

The latest generation of modular UPS are over 97% efficient and, because of their scalability, can be sized to ensure that they operate at an optimum point on the efficiency curve. It may cost a little more to install a scalable, highly-efficient modular UPS, but the ongoing OPEX savings will far outweigh any savings at the purchase price stage.

In recent years three-phase modular UPS systems have revolutionised the power protection industry because, when properly configured, they simultaneously maximise load availability and system efficiency.
However, not all modular UPS are true modular UPS that provide the availability, maintainability, scalability and efficiency benefits discussed above, so beware.

If a UPS is replaced with a modular UPS that has:

> ‘nine nines’ availability (99.9999999%) because its MTTR is less than three minutes
> the lowest TCO because it is 97% efficient and incorporates long life components that don’t need regular replacement
> the ability to grow as the critical load grows so it is not outgrown
> maintainability designed in so it can be fully maintained without switching off

Then it could probably be considered a very good UPS replacement.

At Centiel, our design team has been working with data centres for many years at the forefront of technological development. We are the trusted advisors to some of the world’s leading institutions and our modular UPS product range only contains true modular UPS. Our CumulusPower three-phase modular UPS offers the industry-leading availability of 99.9999999% (9 nines), provides the lowest total cost of ownership (TCO) because of its very high level of operating efficiency and low maintenance costs, and is available in a single cabinet of 900kW capacity.