The Digital Transformation age is focussed on integrating digital technologies such as social, mobile, manufacturing, cloud computing etc. It will inherently lead to new types of innovation and creativity and is already having far reaching application across business, government, medical and mass communications to name a few. The Internet of Things (IoT), that is connecting everything to everything, also presents new challenges to organisations. This new world places Business at risk because they have not embraced security standardisation, developed a holistic view of business risks across the business, or determined how Information Technology (IT) and Operational Technology (OT) will work together to minimise the risks.
Digital Transformation is really a business transformation. Business Models need to be rewritten to take advantage of the new possibilities that Digital Transformation brings as well as how to monetise these opportunities. It is not just about deploying Smart Objects on the factory floor or implementing a blockchain solution to take care of one aspect of the business, it is about developing a go-to-market blueprint that will include reorganising the business, embracing the new technologies, optimising processes, binding customers and aim for a profitable outcome.
There is a huge trend to move away from offering just products and replacing them with customer services. We have seen this for years with Cloud-based software licensing and, as an example, several markets have introduced electric motor vehicles on a “user pays” basis, so instead of buying a car for city use, you rent one by the hour or the day (find one on the street, walk up, and open it with an app on your smartphone), just like other services like bicycle rental.
In the Manufacturing sector, Smart Manufacturing has brought with it a whole new set of business opportunities but also increased risks. The object of Industry 4.0 is to connect the manufacturing environment and OT to optimise the end-to-end processes and to build a service infrastructure between the business and the end customer. Optimisation will be disruptive and may well disenfranchise the middlemen, such as brokers and dealers, from the new operating model.
Optimising the end-to-end view of an organisation that joins the business view to the manufacturing view opens up the manufacturing side to attack as well as the business systems. This changes the security paradigm and puts everything at risk. The IoT and “things” controlling a manufacturing process open up areas of cyber threat that were not previously there. With Smart Vehicles a blackbox could capture data such as performance, location or payment information which would be made available to service providers, motor manufacturers, insurance companies, law enforcement etc. There are a myriad of possibilities and they all need to be managed in an optimal, controlled, safe and secure manner.
A new Business Model must incorporate the requirement to adopt a standardised and configurable security infrastructure to manage cyber risk and at the same time, enable the business to become agile. Agility will enable the business to quickly react to new opportunities or changed circumstances and improve its competitive advantage.
Businesses must also develop a Risk Management Plan to deal with the new circumstances, with a focus on risk mitigation. While risk cannot be totally eliminated, major risks can be identified and mitigated that could endanger the organisation from a number of different perspectives: cost, reputation, regulation, legal, business process, or technical. A comprehensive communications plan is also vital to addressing incident responses across the spectrum of the enterprise.
In this new Digital Transformation age, organisations have to think about security by design and, as a result, agility by design. The IT/OT group must implement a secure, standardised and configurable security infrastructure that embraces security and privacy by design. This will allow an organisation the flexibility required to open or close configurations to meet changing regulatory demands, exchange information with the outside, and address risks as they occur in a quick and economical way and not in the old inefficient ways of costly and risky code changes.
Organisations might consider merging the IT and OT organisations to deliver their part of the Business Model in a more efficient and integrated manner. OT has always been challenging in its own right. OT systems are required to control valves, engines, conveyors and other machines to regulate various process values, such as temperature, pressure, flow, and to monitor them to prevent hazardous conditions. OT systems have used various technologies for hardware design and communications protocols, that are unknown in IT. The most common problems are legacy system and devices and numerous vendor architectures and standards. The focus of OT has been availability rather than confidentiality, integrity and availability as is the case with IT. As OT embraces Smart Devices, integrating OT into an overall enterprise solution will require standardised data exchange abilities and standardised, configurable security to manage the environment. Combining the IT and OT organisations can help facilitate and optimise an organisations end-to-end security and data management in a consistent and optimal manner.