When you ask the average person how to protect themselves against hackers, most people will start talking about the importance of having a secure password or not opening a phishing email.
As a Senior Software Architect at Siemens Argentina, Adrián Allende doesn’t work on this type of cybersecurity. “My job is very different,” he says. “I’m an IT guy working in industry, so I deal with specialized automation equipment. It’s closer to electronics and operational technology than information technology. In IT your most important priority is confidentiality — then integrity and then availability.”
It’s the total opposite in operational technology (OT). Big systems can’t afford to go down for any amount of time and developers can’t duplicate and back them up like software. “You can’t have a back-up power plant,” he jokes.
The biggest hurdle Adrián has to overcome is getting his clients to think about computers beyond the realm of screens and keyboards. “In industrial facilities, there are so many devices that can be attacked,” he says. “But even the people who work there who know electronics don’t think of these machines as something that can be hacked.” The reality is that anything with a computer inside of it is vulnerable to malicious takeovers, so every device has to be safeguarded.
For Adrián, this means creating rings of protection around each device. “It’s a bit like a castle with a moat around it,” he explains. “It increases the defence measures and increases the odds of trapping the intruder in between each one and stopping them from causing any more damage.”
It’s not just devices Adrián has to teach his customers about. Hackers rely on any form of connection to break in and hijack a device. Traditional factories are little mini cities of communication with vast amounts of cables connecting isolated factories with the outside world. “Even cables a couple of kilometres long in a distant place with an isolated network are the potential starting point for an attack,” he acknowledges.
Not only has the internet made devices less secure, but it’s also helped hackers refine their abilities. After all, factories produce some of the most valuable goods in the world, from the technology itself to oil and gas, so it’s easy to understand the temptation to breach OT security. “It’s easy to find out how to do one of these attacks online,” Adrián says. “There are even YouTube videos on it. But still, our customers don’t always realize the damage intruders can bring about.”
Another reason why Adrián’s customers don’t grasp the gravity of industrial cybersecurity is because they tend to rest on old and out-of-date perceptions. Security by obscurity has often been a mantra of the cybersecurity community. It means that, if a security system’s flaws are well hidden, then it’ll remain concealed from the prying eyes of hackers. “They think all this information is tucked away in some dark place but, for some people, it’s not. A potential hacker can learn everything they need in a week.”
At the most basic level, Adrián wants these titans of industry to embrace a holistic approach to defence. In Argentina, the law is starting to catch up by making people aware of hacking activity but it can’t come soon enough. “It’s like different cultures,” Adrián adds. “Cybersecurity is entirely dependent on the environment.”
Adrián Allende lives in Buenos Aires. Find out more about working at Siemens.
Adrián is one of the many talented people working with us to make real what matters.
Photography: Franz Grünewald
Video: Mattias Matoq
