From Critical Infrastructure and Industrial Lines to Smart Buildings. What About Security?

Operational Technology security is key to everyday life.

Let's look at Slovakia's gross domestic product structure or where you go to work. An industrial park or an office in a smart building? Do you use healthcare services, energy suppliers, transportation, or go to a shopping center?

All these areas are already packed with technologies. Artificial intelligence, cloud, and 5G are bringing further challenges for Operational Technology (OT) security.

While awareness of IT cybersecurity in companies and state organizations is increasing, "OT security will still have to fight this battle," says Michal Srnec from Aliter Technologies.

Important Role

"Modernization of operational technologies is a significant area and challenge for security," evaluates the trend Maroš Trnka, head of the information technology department at Vodohospodárska výstavba.

In the energy sector, for example, control systems have been in operation for over twenty years. At that time, manufactured components or the control systems themselves were often designed more for longevity than security.

The security of these systems is increasing through the application of measures, but Slovakia faces a radical step. New control systems in the energy sector must now have parameters that meet the strictest OT security requirements.

Militarization of Technologies

We live in an era where technologies themselves, or their misuse, are becoming weapons. As we see east of our borders, the offensive begins with an attack on critical infrastructure.

With the amendment of the cybersecurity law, growing attacks, and the geopolitical situation, companies will increasingly deal with OT security. "We are inevitably facing practical implementation of changes, security tools, segmentation, and security strategies," predicts Maroš Trnka.

He immediately points out a chronic ailment - the lack of qualified experts in OT security. This also reopens the question of quality suppliers.

Traditional Problem

Operational security is characterized by dependence on specialized hardware and software suppliers. Third-party risk means that suppliers provide, support, and often develop specific technologies. While the local network infrastructure is in the hands of the company, the "keys to the mixer" are with the supplier.

According to cybersecurity expert Roman Čupka's experience, it often happens that the operator of information systems and critical infrastructure has no access to the security design of components and must rely solely on their manufacturers.

Paradoxically, manufacturers are not subject to such strict legislative frameworks as operators, so it is important that the "circle be closed". The EU Cyber Resilience Act should define security frameworks next year not only for IT manufacturers but also for OT technology manufacturers, ensuring their security lifecycle through standards and measures.

Let´s Move Forward

Many people automatically associate Operational Technologies or IoT technologies with industry or energy production and distribution. "Besides these areas, we can find these technologies in seemingly non-traditional environments," warns Tomáš Baksa, a business specialist at KFB Control.

Whether we enter a business center, shopping gallery, bank, or airport, dozens and hundreds of small helpers are installed everywhere. They make our lives more comfortable, pleasant, and efficient.

However, not all these IoT helpers were designed with cybersecurity in mind. They are often connected through various applications across the organization and are quite difficult to segment. Therefore, they represent attractive targets for attackers and threats to organizations.

Because of an Electric Frenzy

Cybersecurity consultant for critical infrastructure Martin Fábry draws attention to the cybersecurity of charging stations. This is a new topic worth considering, given that electromobility in Slovakia is rising sharply, with approximately one-third more charging stations added in the last year.

Currently, there are more than two thousand public charging points for electric vehicles in almost nine hundred locations. These "chargers" are equipped with intelligent technologies, which opens the door to potential cyber threats. Cyberattacks here can have serious consequences, from endangering transportation safety to network disruption and extortion of operators.

And a Smart Frenzy

The very term "smart buildings" means they are equipped with advanced technologies for management and optimization. This includes lighting, heating, ventilation, elevators, security, and other critical functions.

"In Slovakia, the current situation is that smart building security is almost never addressed. The security manager often doesn't even know that something like this exists in the building and should be dealt with," assesses Martin Fábry.

Building management system protection is often at a low level. Yet, cybersecurity of smart buildings is a key aspect that we must not underestimate. In Slovakia, this is still a little-known topic, but it is perceived very intensively abroad.

It's Already Happening

A building management system can be misused, for example, for cryptocurrency mining. Tomáš Baksa cites a case where an operator noticed unusually high load on building management system components. "After applying a security probe in the network, it was revealed that this was caused by an unauthorized crypto mining software installed and managed from an external location," he says about the successful outcome.

Another example of a security incident is the failure of cooling systems in a data center in the middle of summer. Within a few hours, it caused server overheating, which led to an urgent requirement to shut them down.



Source: HNšpeciál. 2024. “Kritická infraštruktúra, priemyselné linky až po smart budovy. Aká je bezpečnosť?” HN Online.sk, August 23, 2024. https://hnonline.sk/hn-special/96165504-kriticka-infrastruktura-priemyselne-linky-az-po-smart-budovy-aka-je-bezpecnost.

Accessed: 27. 3. 2025