Why Gen Z Is the New Force Reshaping OT Security

COMMENTARY

The era of intelligent operations is already here, but some operational cybersecurity processes have been left in the past. As the oldest members of Gen Z start their careers, they're bringing new expectations for digital experiences into the workplace. This trend has important and promising implications for operational technology (OT) security that can drive organizations to become more secure, resilient, and efficient.

Until now, signing into OT systems used in manufacturing, energy, and critical infrastructure industries has often been a slow, cumbersome process that's not particularly secure. OT systems — some with decades-old technology — use industrial protocols with limited security capabilities and weak remote access protocols. These legacy components have limited user access management capabilities that require additional access management solutions. The result is that authorized users must complete additional authentication steps, often with different credentials, to gain access.

Why is this still the case in an age of facial and fingerprint recognition? In short, the system has been maintained by more experienced employees, so no one saw a reason to change it. Yet as younger workers come onboard, the legacy systems are out of step with their generation's technology habits, skills, and expectations. Organizations that step up to address their needs can see multiple benefits.

Better Employee Experience Can Improve Retention

Employees who are frustrated or confused by legacy security processes are less likely to be fully engaged with their work and more likely to quit. That's especially true of younger workers. Half of Gen Z workers say they'll quit a job that provides poorly functioning or outdated technology.

Improving retention rates can always help companies control costs, but in today's manufacturing sector, employee retention is more urgent. More than 80% of manufacturers reported labor shortages in 2023, and onboarding new and contractor personnel requires investing in specialized training, unique processes, safety, and operational efficiency. By starting to modernize OT security processes and practices now, manufacturers can gain a competitive recruitment and retention edge with younger, skilled workers, compared to companies that take a wait-and-see approach.

Enhanced Security, Safety, and Compliance

Smart-factory transformation — using industrial Internet of Things (IoT), cloud computing, Industry 4.0, and OT-IT convergence — supports faster, more frequent user access sessions. This increases the need to enable remote access to critical data and devices to remote workers and third parties. It also creates new access patterns that require more advanced access management solutions, such as fine-grained least-privilege access.

Improving access control is critical for operations and safety. Incidents like repeated cyberattacks on national power grids and even consumer packaged goods (CPG) plants have shown that legacy security practices are no longer enough to protect OT systems, especially now that OT and IT are inextricably linked. High-profile targets aren't the only ones to experience attacks like these; in 2021, 73% of organizations with smart-factory operations reported at least one cyberattack within the previous 12 months.

While cybersecurity needs to expand to monitor and protect OT equipment and systems, workers also need to be connected and visible. For example, safety-critical jobs like refinery and oil rig work can monitor workers' location and health status in real time. That monitoring requires automated identity authentication and geolocation, along with access to personal health information and other sensitive data.

Comprehensive, streamlined cybersecurity is important for these kinds of functionalities, data protection, compliance, and better user experience. Besides enhancing employee experience and making work easier for tech-savvy employees, improved security processes can reduce data leakage and downtime caused by access friction and time spent waiting for credentials.

Building a Modern OT Cybersecurity Program

Based on data gathered from OT security leaders across a number of industries, organizations with the most mature OT cybersecurity programs follow a consistent set of best practices. These start with assessing the organization's complete cybersecurity profile to identify areas that need improvement.

Next, these organizations nurture a culture of awareness around cybersecurity threats to smart-factory and converged enterprise and OT operations. Because there are so many potential points of entry for threats, safety is an all-hands effort that is often directly related to safety.

With a growing culture of security and a set of cybersecurity benchmarks, an organization is ready to decide who owns risk management for OT cyberattacks. It's also ready to apply a framework such as NIST or MITRE ATT&CK to defensive controls that monitor cybersecurity and identify areas for improvement. Participation in industry intelligence-sharing groups such as MFG-ISAC can also help organizations learn about new threats to the sector as they emerge. Risk owners can then use industry knowledge with a proven framework to implement the appropriate defensive controls for their converged OT/IT environments.

Finally, mature OT cybersecurity requires comprehensive governance, oversight, and periodic assessments to help security tools, processes, and access keep pace with the evolving threat landscape — and with employee needs and expectations.

Forward-Looking OT Security Supports Future Innovation

As Gen Z expectations prompt employers to improve and update OT security, they're also helping move industry toward new capabilities. As OT, IT, IoT, and other infrastructures continue to converge and leverage emerging technologies, organizations will have new opportunities for more process automation, smart-factory and building innovation, and supply chain optimization. All those changes require the kind of modern, efficient, user-friendly security processes that Gen Z expects.