Cisco has just issued a research study about the state of networking in the broad Industry 4.0 sector, and it is really good – comprehensive, and well communicated. Quite how much of it is genuinely new or surprising is open to debate, but it tells a clear story that, at least, confirms what we thought we knew, and is worth repeating: that operational technology (OT) on the ‘shop floor’, once an untouchable ‘black box’ of strange industrial pyrotechnics managed by lifers in boiler suits, is being rapidly connected and exploded into white-collar IT environments in service of the twin gods of input and output (productivity and efficiency) – given life, hopefully, and called AI.
And that, at the same time, the devil is at the door – which is multiplied across networked OT systems – as armies of hackers after company secrets and ransoms. These are the dreams and nightmares visiting Industry 4.0 boardrooms, currently, and this is the narrative, more or less, the Cisco study tells. Everyone wants an industrial version of AI, it seems, which must be connected somewhere to the cloud, in order to drive productivity and efficiency, and to memorialise and automate the OT secrets that will be otherwise retired with an ageing workforce; and everyone is investing in the base-level networking and computing infrastructure to make it happen.
But the cybersecurity risks that attend such a fundamental reformatting of traditional siloed OT architectures are freaking out c-suite executives. To divide up a quote in the report, Cisco says (thirdly) that, “there is a clear sense that AI will boost business growth for those who can successfully use it to run better industrial networks”, and (firstly) that, “industrial networks are increasingly connected and OT networks are converging with their enterprise IT counterparts, creating a complex and dynamic environment vulnerable to cyberattacks”. This is complicated, also, by a “backlog of legacy systems and assets, an expanding attack surface and an overstretched workforce”, it says (secondly).
The report, conducted for Cisco by Sapio Research and available here, polled 1,000-odd “industry professionals” in $100 million companies in 20 “heavy”-OT industry sectors in 17 countries. It features some good stats, which are worth looking up – and might be explored in a couple of further posts in the weeks ahead. But its big takeaway is that OT security is top-of-mind, all of a sudden – because of this new IT/OT overlap, accelerating with the drive on AI. “Once a peripheral concern, OT security has become a mandatory focus for organisations,” writes Cisco. Nine in 10 (89 percent) of respondents cited cybersecurity compliance as “very” (51 percent) or “extremely” (38 percent) important.
A year ago, only seven in 10 (72 percent) said the same, and only three in 10 (29 percent) said it was “extremely” important. Which shows the escalation. Cisco presents a bunch of subplots around internal (see above) and external obstacles for industrial companies to upgrade networks, mostly, to support new-fangled AI processes; the most notable, level with cybersecurity ‘risks’ (capabilities?), is linked to deploying and integrating new technologies (like cybersecurity, cited by 34 percent). Hiring and retaining staff is another major challenge, cited by similar numbers; so is vendor integration – which gives way in the study to a (decent) Cisco argument about trusting fewer (one?) kingpin partner.
Some firms struggle with a lack of standardisation (37 percent), says the report; some struggle with disparate vendors and partners (36 percent). Invariably, Cisco advocates a “major vendor solution, designed for both IT and OT” and a “consistently-named… networking leader”. It writes: “Reputation matters when it comes to choosing the right partner.” But the report finds most (83 percent) have no plans to reduce the number of vendors they work with, indicating a preference to optimise existing technology rather than attempt to shed and consolidate platforms – or indeed, to choose new vendors with new solutions, which might be a blocker for firms pushing novel private 5G technologies.
The report features a central narrative twist, as well, about failing IT/OT collaboration, inadvertently opening the door to security vulnerabilities. Two in five companies (41 percent; described as a “significant” proportion) are struggling to join the dots, it seems, with IT and OT teams working independently on cybersecurity. “This represents an action opportunity for many businesses,” writes Cisco. Of course two-in-five doing it the wrong way, or the old way, implies three-in-five doing it the right way, and IT/OT integration, or collaboration, is a work-in-progress.
But there are also major inconsistencies in how security details are managed. The real expertise is within the IT team, typically, reckons Cisco, and should be managed centrally, like-for-like, across a global footprint. But a third (33 percent) are running local practices, led by local teams. This “risk(s) inconsistent deployments, skill disparities, and limited visibility across the OT estate”, it says. And yet everyone knows this is wrong, it seems; or at least, nine in 10 c-suite types (92 percent) are targeting a “unified cybersecurity solution for both enterprise and industrial networks” within two years, apparently. “There is growing influence of IT leadership,” writes IT networking company Cisco.
And then the payoff about AI, of course: that AI is the accepted vehicle to drive Industry 4.0 efficiency and productivity, even if it risks letting bad actors in. Half of respondents (48 percent) reckon AI will have the “most significant technological impact on industrial networking in the next five years”. Again, half don’t think that; but the study says also that three in five (63 percent) have increased spending on industrial infrastructure in the past year, presumably with a view to all of this AI whizzbangery. AI is the number-two spending priority in the next two years – after cybersecurity, which, one way or another, is also about AI. But Cisco seems to contradict this, too.
It writes: “Industrial organisations are fully aware of their risk from cybercriminals – after all, manufacturing firms suffered the highest share of cyberattacks in 2023. Industrial networking offers a large attack surface via industrial IoT connected assets. Our findings underline the drive to address this vulnerability, with cybersecurity reported as the second-highest OT investment area, after AI-enabled devices. AI devices may themselves be seen as a double-edged sword. While AI offers OT benefits such as process optimization and threat detection, bad actors are also using adversarial AI techniques to turn the technology against firms.”
Anyway, lots to chew over. The official quote, from Vikas Butaney, senior vice president and general manager in Cisco’s networking business, goes: “OT, and specifically the network supporting industrial operations, has become a key differentiator for organisations globally… IT and OT leaders recognise that strengthening their OT security posture is critical to drive business resiliency, improve efficiencies, and prepare for the next wave of innovation with AI… [Industrial networking] has become a key differentiator for organisations globally, across a wide range of industries including manufacturing, utilities, and transportation. In short, the network has never been more important.”
