Yavuz Aydın – Deputy General Manager
İNDAS GROUP
Digital transformation enhances the efficiency of industrial facilities while also introducing new threats. In production sectors such as cement, mining, and chemicals, protecting automation systems against cyberattacks is of critical importance. At this point, Indas stands out with its expertise in industrial automation, playing a key role in ensuring the security of factories through its OT cybersecurity solutions.
Can you tell us about Indas and the services it offers?
Indas Automation was founded in 2004 by our founder, Fatih Em, leveraging his 30 years of experience in the cement industry. For the past 20 years, we have been providing turnkey factory solutions across various industries, primarily cement, as well as mining, chemicals, paint, energy, water, automotive, and defense.
We are a Siemens PCS7 Solution and Expert CEMAT Partner. Our journey began with Indas Automation, where we specialized in PCS7, PLC, and SCADA automation services. Building on our automation expertise, we established Indas Technology, focusing on software development to create tailored solutions and products. We integrated automation systems with ERP systems, developed data collection and energy monitoring software, and provided solutions that enhanced cost efficiency, productivity, quality, and overall production performance. With the establishment of Indas Electromechanic, we began in-house manufacturing of all MDC, MCC, and PLC panels while also forming our field electrical teams to offer comprehensive electrical solutions. Today, as Indas Group, we provide Turnkey Factory Solutions, covering everything from high-voltage energy systems to field electrical installations, panel manufacturing, automation, system integration, engineering, and commissioning.
In recent years, many of our factories have suffered cyberattacks, leading to production losses, financial setbacks, and reputational damage. Recognizing the need to not only build factories but also protect them, we established Indas Cybersecurity to enhance security with specialized cybersecurity solutions, reinforcing our commitment to industrial protection.
With the belief that “those who know something best can protect it best,” we decided to ensure security in the field we know best.
Automation and cybersecurity are vastly different fields. How did you decide to enter this sector?
While IT and OT were traditionally separate departments, digitalization has brought them closer together. However, each one presents differences in terms of solutions, requirements, and competencies— almost like different languages and cultures. Cybersecurity, on the other hand, is a highly specialized field that requires unique expertise beyond both IT and OT. In Türkiye, there are large and highly specialized cybersecurity firms that serve industrial facilities. They provide multilayered security solutions, including secure access, network security, and device protection. Through penetration testing, they identify vulnerabilities and ensure that these weaknesses are addressed.
However, these solutions primarily focus on IT networks. When we move to the lower layers, the field level, and OT networks, we encounter a complex structure consisting of multiple sub-systems, numerous OT networks, and hundreds of automation devices. Understanding OT devices in the field and control panels, their roles in industrial processes, communication structures, protocols, and network segmentation requires a completely different level of expertise.
Factories in Türkiye have been targeted by cyberattacks. We realized that while cybersecurity firms have strong expertise in IT security, they lack sufficient proficiency in OT security. With the belief that “those güven know something best can protect it best,” we decided to ensure security in the field we know best. For the past two years, we have been actively working in this area, and with each passing day, we gain a deeper understanding of the growing threats in OT cybersecurity.
Without experiencing an attack and without our facilities being halted, we must raise awareness in cybersecurity and establish the necessary OT cybersecurity structures.
Cyber-attacks are not new phenomenon, they have existed for many years, why have they become more important now?
Why did cyberattacks become critical when there was no such danger in the OT field? In factories, OT networks consisted of machines, production lines, and automation systems that operated locally in the field, communicating only among themselves without any connection to upper-level networks and were strictly isolated from IT networks. Industry 4.0 has taken us to a new level in digitalization. We integrated all PLCs into the factory network and started collecting real-time production data. We connected machines to the network to calculate their OEE performance. We included energy analysers in the network and calculated our energy costs. We established communication with SCADA systems and designed centralized monitoring dashboard screens. We set up an OPC server, integrated with ERP systems, matched production with work orders, and automatically transferred finished products to warehouses via WMS.
These solutions have made our lives easier, increased production and quality, and reduced costs. However, in doing so, we have made all field devices and systems, which were previously inaccessible, now fully accessible. In the past, a hacker who infiltrated the factory network could encrypt IT systems and servers. Today, they can also breach OT networks, encrypt PLCs, SCADA systems, machines, and all devices on production lines, directly halting production.
In this case, we can say that Industry 4.0 has increased our vulnerabilities. So, why are we unable to protect our OT networks despite having so many specialized cybersecurity firms?
A specialized cybersecurity team provides secure VPN access for external entry into the factory. Internally, they create sub-networks using VLANs to isolate different departments from one another. They manage the network and devices through firewalls, security policies, antivirus programs, and similar solutions.
However, they do not understand a cement process. Knowing how many OT networks exist at the lower level, each with its own subnetworks, the field devices they communicate with, such as panels, PLCs, Remote I/Os, HMIs on the field, weighing devices, and the communication protocols of these systems requires a separate expertise. Cybersecurity firms are aware of the importance of the OT level and are developing themselves in this area, yet they are currently not sufficient. Mastering the requirements of our OT world in a short time is not an easy task. Consequently, there are many vulnerabilities and openings in the OT layers within current cybersecurity solutions. In this process, as an automation specialist with control over the field in the cement industry, we have started to provide cybersecurity services to support both our factories and the cybersecurity solution providers.
This year, we will establish a company abroad to expand our presence in Europe.
What is the importance of cybersecurity in industrial facilities such as the cement sector? What are the biggest threats faced?
The cement sector is one of the key industries driving Türkiye’s economic growth, making it a significant target after the energy sector. In cement plants, alongside new investments, capacity expansions, automation systems, predictive maintenance, and digitalization projects, cybersecurity must become a top priority. Without experiencing an attack and without our facilities being halted, we must raise awareness in cybersecurity and establish the necessary OT cybersecurity structures.
When a factory is hacked, all PLCs, SCADA systems, HMIs, screens, and OT devices can be shut down instantly. Production stops, sales are disrupted, and beyond financial losses, reputational damage is inevitable. If the attack is financially motivated, large sums of money may be demanded. However, if the goal is destruction, both facilities and human lives could face severe consequences.
Is OT cybersecurity given enough importance in Türkiye? What are the main shortcomings in this area?
IT teams in factories and the cybersecurity service providers they work with have a high level of awareness and take necessary precautions at the IT level. However, while IT networks have high-level security measures in place, OT networks remain vulnerable with significant security gaps. For example, while IT networks are protected by firewalls, OT networks often lack this critical layer of defence. Even where OT firewalls are present, there is a lack of proper protocol filtering or correctly defined rules tailored to OT requirements. OT segmentation structure, separation of OT networks into cells, OT devices communicating with each other need to be configured correctly. While pentests are performed in IT networks, they cannot be performed in OT networks. ISO 27001 Information Security efforts remain at the IT level; we need to restructure our facilities and OT infrastructures according to IEC 62443 Industrial Cybersecurity standards.
What are your implementations and solutions in the field of OT cybersecurity?
At the OT level, we have OT networks that are independent of each other, built in different structures and at different cybersecurity levels.
OT Fieldbus network is the lowest-level network where communication occurs between PLCs and their connected I/O modules, HMIs, variable speed drives, weighing systems, and other devices.
OT Plantbus network facilitates communication between PLCs, SCADA servers, and both local and foreign manufacturers’ systems.
OT Terminalbus network is the communication network between servers and operator Client computers, OPC systems, integration networks, and the IT network.
In a cement plant, it is essential to understand and have cybersecurity expertise in various communication structures, such as the integration between the packaging plant and either the silo truck filling or bag filling machines, the connection between the cement mill and other systems, the communication between the kiln and the cooling system, the integration of raw material and coal mills, and the communication between crushers, reclaimers, stackers, and the central DCS system.
At Indas Cybersecurity, we start by scanning all OT networks to create an accurate asset list. We then map out the system topology by identifying field panels, local automation systems from manufacturers, PLC brands, and communication protocols. Through vulnerability analysis scans, we detect and report security gaps in OT systems. The real implementation begins after this phase, where we provide the necessary solutions to close all vulnerabilities and secure the systems.
In 2024, Siemens introduced industrial cybersecurity solutions, including OT firewalls, vulnerability analysis software, and real-time monitoring software. As a result of our investments and work in this field over the past two years, last year we became Siemens’ first and only OT Cybersecurity Partner in the world. Additionally, as a Fortinet IT/OT Cybersecurity Partner, we have started offering turnkey cybersecurity solutions for both IT and OT systems.
As a result of our investments and work in this field over the past two years, last year we became Siemens’ first and only OT Cybersecurity Partner in the world.
Indas has taken innovative steps not only in automation but also in many areas, from cybersecurity to digitalization. What is the approach behind this vision?
Can you tell us about Indas’ future goals? At Indas, we have always pursued a different vision. We did not just develop automation software; we spent days in the CCR working as operators—we became real cement professionals. We integrated ERP systems years ago, and then Industry 4.0 emerged. We interconnected subsystems based on process needs, and years later, this became known as IoT.
For digitalization projects, we aimed to develop a domestic and national OPC software and created a specialized solution capable of communicating with every PLC brand and protocol. While data reading was possible in half a second, we pushed the limits to achieve data collection in microseconds and nanoseconds.
We ignored comments like “Cybersecurity is a difficult and different field for an automation company.” Instead, we took on a unique mission, believing that protecting our factories from cyberattacks is a national issue. My personal career goal, as well as that of our company’s leadership, is to transform Indas into a global brand. This year, we will establish a company abroad to expand our presence in Europe. We will continue to develop successful projects that add value to our country, both domestically and internationally.
