Skip to content Skip to footer
Search

Loading Results

Interview: Experience IT and OT risks first-hand at PwC’s Cyber Security Experience Center

19 April, 2022

An interview with Dr. Oliver Hanka. Interfaces between operational technology (OT) and IT systems are becoming increasingly common in critical infrastructure and industrial settings, making these systems an increasingly attractive target for cybercriminals. PwC’s new Cyber Security Experience Center in Frankfurt is designed to show how to protect your company from these threats.

About Dr. Oliver Hanka, Director Cyber Security & Privacy at PwC Germany: Dr. Oliver Hanka has held positions of responsibility for product and OT security at various international companies, allowing him to advise his clients based on a broad spectrum of practical experience in the field. His core areas of expertise include developing, planning and implementing tech-enabled IT and OT security strategies.

Dr. Hanka, what can visitors expect from PwC’s new Cyber Security Experience Center?

Dr. Oliver Hanka: Our integrated ecosystem will enable visitors to learn about the risks for IT and OT systems in networked industrial settings. To do this, we’ve connected a series of models to physical programmable logic controllers, industrial control systems (ICSs) and supervisory control and data acquisition (SCADA) networks – these include an industrial robot, a water treatment system and a building management system. 

Our experts can use this equipment to demonstrate the consequences of a cyberattack without putting either people or infrastructure at risk. And we can also show companies how to reliably combat common types of attack.

How exactly have you designed the ecosystem?

Hanka: We’ve developed a scenario that’s as lifelike as possible so that we can clearly show the various implications of an attack on critical infrastructure. At the centre, we’ve got a model of a hybrid power plant, which provides power to all other parts of the ecosystem. As well as the models we’ve already talked about, we also have a digital patient monitor, a building management system, an industrial robot, a gas pressure reducing and metering station, and a simulated logistics centre featuring real industrial control systems. If, for example, the power plant is shut down by a cyberattack, visitors can immediately see the effects of this on other critical infrastructure, such as hospitals or water treatment plants.

How likely are attacks like this?

Hanka: Back in 2015, hackers managed to cause a power failure that affected more than 200,000 people in Ukraine. Last year, a ransomware attack shut down the largest oil pipeline in the US.

These cyberattacks will keep happening because critical infrastructure offers an attractive target, both for state-sponsored hackers and for organised criminals – regardless of whether the motivation behind an attack is financial or geopolitical.

What do industrial companies and operators of critical infrastructure need to do to improve their defences against these attacks?

Hanka: The first step must be to be aware of your attack surfaces and properly delineate them. You need to be clear about what needs protecting in order to defend it effectively. Many managers don’t even know where the open gateways are in their infrastructure. This is why we want to use the Cyber Security Experience Center to raise awareness. At the same time, our experts will offer valuable tips for companies and critical infrastructure operators on addressing vulnerabilities, or – if it’s too late to do this – on successfully combatting an incoming attack.

Why is there such a lack of awareness of these risks?

Hanka: A lot of the problem is down to how responsibilities within companies have developed over time.  

Traditionally, interfaces between equipment specialists and IT specialists were fairly straightforward: one team dealt with operating the machinery, and another team kept the networks and systems running. As digital technology has become more and more widespread, the lines between these two areas have become increasingly blurred, but the team structure has not been adjusted to match. This inevitably creates blind spots.

Many digitalisation projects, such as building industrial internet of things (IIoT) networks, need expertise from both areas – and the same is true for some security precautions. Reliable threat detection, for example, requires IT experts to recognise suspicious irregularities in the operation of machinery.

How are you planning to develop the Cyber Security Experience Center in the future?

Hanka: We’re already working on more models to broaden the spectrum we cover. We’re currently planning to add equipment from the mobility (rail and aviation) and healthcare sectors. We also want to add 5G infrastructure to the ecosystem.

Follow us

Contact us

Dr. Oliver  Hanka

Dr. Oliver Hanka

Director Cyber Security & Privacy, PwC Germany

Tel: +49 160 510-5836

Hide