Interview to Ari Rajamäki, Product Manager Cybersecurity, Valmet
The increasing digitalization of the manufacturing process, coupled with growing connectivity to IT services and the cloud, has led to new threats to operational technology (OT) systems. At IOTSWC23, Ari Rajamäki explained how Valmet utilizes both on-premises and cloud computing to develop and deploy secure Industrial Control System (ICS) products and services to effectively respond to new threats and manage production risks.
Valmet is a leading global developer and supplier of process technologies, automation and services for the pulp, paper, and energy industries. How are these industries facing cybersecurity problems?
Critical infrastructure, which encompasses a range of systems such as energy production, water treatment or waste management, is particularly vulnerable to cyberattacks that can disrupt daily life and threaten public safety. So, businesses and industrial sectors operating in critical infrastructure sectors are more aware of the risks and take proactive measures to protect their systems and data to be able to respond quickly to potential threats.
Did the covid pandemic change the way to manage risks?
There has been a growing awareness of the importance of IT and information security risk management in production, particularly as it pertains to networks. As a result, there has been a significant change in this area, with an increased focus on mitigating risks and potential consequences. The media coverage of ransomware attacks compromising production systems has further heightened concerns among corporations, leading them to seek help from vendors to improve their protection and capabilities. This has led to the development of automated measurement tools to better sense and respond to these risks.
How is Valmet helping companies navigate in a multi-site, multi-vendor environment?
Valmet engages in frequent communication with customers to provide services and gain insights into how their products and systems are operating. In recent times, there has been a surge in cybersecurity-related queries from customers who are seeking to comprehend the potential problems that they might face. As a global developer and supplier, we aim to assist them in identifying and addressing these concerns through technological solutions, process automation, and understanding of the entire platform and product network. This requires an in-depth understanding of not just the development and delivery phases, but also the entire product lifecycle, encompassing all networks. As such, we continuously advance our understanding of the process and cybersecurity threats and risks to better serve our customers.
What would be your security advice for companies now starting in the industrial IoT sector?
Understanding the potential risks and their consequences is crucial for any corporation. Identifying critical systems and ensuring their protection should be a top priority. The best starting point for this process is a cyber risk assessment. It allows corporations to evaluate the potential risks and consequences associated with their products, identifying any safety or business issues. This information can then be integrated into the corporation’s existing risk management plan. If necessary, corporations may need to explore new technologies or vendors to better manage their risks. A high-level risk management assistant can help facilitate this process. So, the first step is to assess the current situation, evaluate the level of protection in place, and then work on implementing any necessary changes to mitigate the identified risks.
Interview by: Anna Solana