Interview with Dr. Terence Liu, TXOne
"Hackers and cyber defense experts share a common preference"
OT is no longer safely decoupled, but is very much affected by cyber threats emanating from IT. This was the result of a survey by TXOne Networks. In an interview with Computer&Automation, Dr. Terence Liu explains his understanding of the threat situation in companies.
Dr. Liu, recent studies by TÜV show that one in ten companies is already affected by cyberattacks. Do you think this figure is realistic?
Dr. Terence Liu: In our 2022 survey of cybersecurity executives, 94% of respondents worldwide reported security incidents in their companies that primarily originated from IT. In Germany alone, this figure was 89%. Another questionnaire revealed that 70% of the companies surveyed worldwide had been affected by data encryption or operational disruptions with ransom demands; in Germany the figure was 74%. These statistics, gathered directly from executives responsible for OT security, reflect the reality that OT is no longer safely air-gapped, but can very well be affected by cyber threats emanating from IT. Improved cyber security measures are urgently needed.
How pronounced is the understanding of the threat situation in companies? Are there regional and industry-specific differences?
Liu: The cyber security landscape in companies varies greatly in terms of size and professionalism. The analyst firm Gartner has outlined six levels of OT/CPS (Cyber Physical System) security, with the majority of companies (60%) still in the first phase of security measures. Only a small proportion (10%) have already developed solid OT cybersecurity strategies. TXOne Networks primarily serves large enterprises, which gives us the opportunity to work with leading security experts to define the best OT cybersecurity measures in different industries. However, there are differences between companies in the same industry and between different industries and regions.
What are the biggest misconceptions about the cyber threat?
Liu: A common misconception in the field of cyber security is the idea of security through obscurity. This idea assumes that a closed network is immune to threats just because they appear to come from the outside. However, this is not the case. In reality, closed networks can still be vulnerable, and relying solely on air-gapping for security often requires emergency response when problems arise. The lack of proper network segmentation in flat network designs magnifies the damage when cyber threats spill over from IT into OT. To strengthen the protection and resilience of networks, it is critical to prioritize network security and implement effective network segmentation.
In most cases, IT infrastructures are affected by malware first, followed by the infection of the OT environment. How can both levels be protected?
Liu: To answer this question, we need to look at it from two different perspectives. First, it is important to recognize that in many cases, OT environments bear the brunt of collateral damage originally directed at IT environments, with ransomware being the predominant threat. When cyber attackers infiltrate an organization's systems, they actively deploy ransomware or malware wherever possible. If the network perimeter between IT and OT remains permeable, hackers will not hesitate to introduce such malware into the OT domain, increasing the level of destruction. Unfortunately, many organizations struggle to maintain effective OT cyber hygiene because they rely on IT security tools that often face natural limitations when applied to the OT realm. These limitations include over-reliance on the internet, support for outdated operating systems and the restrictions of service level agreements (SLAs) for the installation of software. However, these barriers can be overcome by using appropriate OT-native solutions.
A digital attack that specifically targets OT systems, on the other hand, presents a completely different picture. Such cyber attacks are often carried out by highly skilled individuals or even state-sponsored hackers who are able to bypass traditional security measures. As a result, OT cybersecurity solutions must respond effectively to these threats and provide early warnings even before the specific malware is identified.
To protect OT environments in a connected world, IT and production must work together. What are the biggest points of conflict in this collaboration?
Liu: When discussing the attitude of operational staff towards cyber security, misunderstandings often arise as it is sometimes claimed that they do not attach enough importance to it. However, this perception is not true. In reality, production staff simply have different priorities when it comes to the fundamental principles of the C-I-A (Confidentiality, Integrity, Availability) security triad. While IT professionals tend to prioritize the confidentiality and integrity of data over its availability or uninterrupted production operations, those familiar with production processes argue vehemently for their A-I-C order of priority. They do this because they recognize that production operations are the key driver of a company's value creation. It is important to note that despite the different order of priorities, the end goals remain the same.
How can these conflicts be resolved?
Liu: We know that companies want to achieve their goals without compromising the safety or availability of their production. That's why we approach this problem from a unique perspective and offer security solutions specifically designed for OT environments. Our solutions are user-friendly, minimizing system overhead while providing high-quality security features. We also understand the challenges posed by software installation conditions and industry regulations. For this reason, we have dedicated ourselves to developing a range of cybersecurity solutions that meet the needs of both OT and IT staff, with the aim of ensuring smooth and effective production operations.
As an industrial cybersecurity provider, what role do you play in this?
Liu: In the field of OT security, there is no one-size-fits-all solution. That's why we carefully adapt and optimize our offerings to the specific requirements of OT systems and the industries we serve. This includes the integration of security functions, the optimization of end-to-end processes and a well thought-out design philosophy. Our customers benefit from the fact that our company was founded by experts with extensive knowledge of both IT and OT security. This enables us to effectively close the existing skills and security gap and meet the specific needs of our customers in both areas.
How will artificial intelligence influence cyberattacks and cybersecurity in the future?
Liu: Hackers and cyber defense experts share a common predilection for new technologies. As artificial intelligence becomes more relevant to cybersecurity, we can expect to see an increase in sophisticated fraud methods, including the infamous deep fake technique. In addition, social hacking will become increasingly personalized, guessing credentials will reach new levels, and malware will become even more adept at disguising itself until it reaches its target. Fortunately, there are also positive developments thanks to AI. We have long relied on AI-powered threat awareness and innovative techniques in our products to improve our detection performance, accuracy and operational efficiency. The cybersecurity landscape has evolved into an exciting race between the red and blue teams, both of which have recognized the wide appeal of AI as a formidable weapon. To ignore its potential would be a disservice to both sides.
With all the negative news surrounding cyberattacks, some may lose heart. What would you like to say to these people and companies?
Liu: Cyber security is an inescapable necessity that no one can avoid. As OT technologies advance, security technologies must also keep pace. When it comes to cyber security, it's never just a matter of "yes" or "no", but rather the right time and the best approach to implementing protective measures. It's never too late to start this important endeavor. Whether we learn from our own mistakes or from the missteps of others, we become stronger and safer. In summary, by adopting cybersecurity measures, we will be better able to cope and become more resilient in the ever-changing technology landscape.











