Adding cybersecurity to the system integrator toolkit, even if it isn’t your sweet spot

By Brandan Lickey posted 03-21-2018 16:17


This is the first in a three-part series on the imperative and value-add opportunity for system integrators to add cybersecurity to their toolkits when servicing the industrial and manufacturing sectors.

Digital transformation and automation is changing the way your clients do business. But moving from an analog to digital posture opens manufacturing and processing industries to cyber risk. Yet, very few SIs are integrating cybersecurity into their offerings, this creates a lucrative opportunity to expand your company’s role. Here’s how you can take advantage, even if cyber isn’t your sweet spot.

Filling the void: Is it time to add cybersecurity to your toolkit?
Independent system integrators in the industrial space are nothing new, but in recent years they’ve moved from a support role in the manufacturing and process industries to playing a more critical role in engineering services engagements.

A recent survey by CSIA and Automation World, found that entire engineering departments are now habitually outsourced to system integrators (SIs), concentrating their internal resources on core competency tasks. This is good news for SIs, who bring new capabilities and engineering talent to a traditionally analog industry. Automation (the integration of new hardware and software systems with legacy), digital sensors and the Internet of Things (IoT), all bring new opportunities for the industrial sector to improve manufacturing and industrial processes, add valuable system improvements and reduce risks in areas such as downtime or compromise.

Yet, a critical adjunct to the buzzword of the moment, digital transformation, is often overlooked – cybersecurity. As organizations chart a course to smart factories and smart infrastructure, cybersecurity has yet to assume center stage, and that’s a problem.

Connected industrial systems are bountiful targets for hackers
Much of the reason for cybersecurity’s back seat role is that the industrial sector, in its pre-automation state, didn’t have to worry about cyber threats. Analog systems and standalone equipment created little exposure. And where digitization existed, embedded cyber controls were rarely accessed or modified for fear of potential disruption to their environment and non-compliance consequences.

It’s a naïve view that can have devastating consequences. As the promise of automation drives smart factories and smart infrastructure to embrace digital operations and interconnected systems, their attack surface increases exponentially. According to Computer Weekly, cyber-attacks increased nearly 25% globally in the second quarter of 2017, compared with the first three months of the year. The manufacturing industry was the most heavily targeted as threat actors see prospective gains in attacking networks in this industry. And, experts agree that far more attacks are going on than are made public.

With intellectual property at a premium and industrial control systems (ICS) often left unguarded, the lack of investment in cybersecurity is problematic. After all, cybersecurity goes to the very heart of system reliability in manufacturing and industrial sectors. A cyber-attack can cripple or kill critical systems; compromise ICS component firmware; re-route, alter, or exfiltrate data, such as customer information; and cause untold damage to the organization’s reputation. If threat actors have control of your network, they can control everything.

The cyber opportunity
Without a cyber strategy in place, any path to digital transformation opens the business up to risk, and industry is taking note.  As it undergoes a digital renaissance, the industrial landscape has placed end-to-end security as a key priority, especially among larger organizations. Yet, even as demand increases, SIs, notably some of today’s biggest players, aren’t investing as heavily in security engineering and support as one might expect.  

With market demand, and an apparent lack of supply, the opportunity for SIs to solidify their customer relationships and expand sales into greenfield business is significant.

Of course, cyber expertise doesn’t come easy. Cybersecurity skills shortages are notorious and can create recruiting chaos. CSO Online reports that 45% of organizations claim to have problematic shortage of cyber skills. Add to this the complexity of securing legacy industrial systems that were not built for network access, ensuring continuity of service or minimum infrastructure impact, and the challenge of battling the age-old mindset of if it ain’t broke, don’t fix it – taking on the role of cybersecurity specialist in this sector is a considerable ask.

However, significant improvements are possible. Partnering with a cybersecurity specialist to augment your offerings, for example, is perhaps the most seamless route to go, particularly if that firm offers solutions that are easy to deploy, can be offered as managed services, don’t require extensive changes to the customer environment and don’t affect operational processes.

With a cybersecurity offering that checks these boxes for the end-client, you can guarantee rapid deployment to customers, ensure the cost-effective integration of security features and deliver an evolutionary, iterative approach that avoids the dreaded disruption of a big-bang methodology and that can be customized according to the customer’s needs and schedule.

Don’t pass on the opportunity
We live in a digital world where cybersecurity will be a determining factor in the financial success of SIs in the industrial and manufacturing sector. While cybersecurity threats may keep your clients up at night, quashing those threats may turn out to be the kind of value-add opportunities you’ve been dreaming about.

Want to learn more about how you can add cybersecurity to your toolkit? Visit