Huld

Security is not only an attribute of quality 

According to the Finnish Security and Intelligence Service (SUPO) and the Finnish Transport and Communications Agency (Traficom), Russia has targeted increasingly cyber-attacks to Finland. Organizations like Wärtsilä, Uponor and the Finnish News Agency (STT) have reported that cyber-attacks have become almost daily routine. Another trend is that Russia is channeling its intelligence efforts to cyber domain.

Me as a spokesman of cybersecurity have many times addressed customers’ decisionmakers on the need for security investments by emphasizing that security is an attribute of quality. I have changed my tune, security is not an attribute of the quality of the product, but an attribute of the product in its own right.

As the war in Ukraine has shown, protecting critical infrastructure is a key factor for societies to be able to survive in state of emergency. The emergence of new industrial security threats poses a significant risk to the safety and productivity of businesses in all industries. In recent years, there has been an increase in attacks on industrial control systems (ICS) and operational technology (OT) networks. This has raised concerns about the security of critical infrastructure, such as power grids, water treatment plants, and transportation systems. All these things we have seen happening in Ukraine as well.

• Ransomware. One of the most significant emerging threats is ransomware attacks on industrial systems. Ransomware is a type of malware that encrypts files and demands payment in exchange for the decryption key. In the case of industrial systems, this could mean that essential operations are shut down until the ransom is paid. Attackers can also threaten to release sensitive information or disrupt critical systems if their demands are not met.

• Exploitable IoT. Another emerging threat is the use of Internet of Things (IoT) devices as attack vectors. IoT devices are becoming increasingly popular in industrial environments, providing a range of benefits such as remote monitoring and control. However, many of these devices have weak security and are vulnerable to hacking. Attackers can exploit these vulnerabilities to gain access to sensitive systems and data.

• Malicious insiders. Finally, there is the risk of insider threats. Employees, contractors, and other insiders can intentionally or unintentionally compromise industrial systems, either through malicious intent or by accident. This can include everything from accidentally downloading malware to deliberately stealing sensitive data. The SUPO and Traficom report underlines the significance of this threat.

Overall, the war in Ukraine has shown that we need more robust security measures and a proactive approach to cybersecurity. Similarly, as organizations need finance or HR functions in their operation, security function needs to be at the same level of importance in organization compared to these. Not just a cute part under quality or IT. 

By: Tarmo Kellomäki, Director, Digital Security & Functional Safety at Huld Oy

Tarmo has recognized track record of building successful business in cybersecurity domain. Tarmo has wide-ranging expertise in mission-critical software and system development, cybersecurity and leadership of SME teams. Tarmo’s experience has been accumulated over 15 years from various positions in the Finnish Defense Forces and security consultancy business. Tarmo is active speaker in international security and technology events. Tarmo is a member of industrial cybersecurity standardization bodies and a board member of the Finnish Society of Automation’s Security & Safety –section (ASAF).