The Need For OT-centric Cyber Security Strategies

Cyber security is consistently hailed as a top global concern for governments, individuals and businesses alike. However, most rhetoric on the subject focuses on securing information technology (IT), rather than operational technology (OT). Today, organisations need a different approach.

Cyber security has experienced an image transformation in the last two decades. No longer is it seen as a technical enigma handled only by the most senior specialists, but it is now an essential part of every businesses operation. Indeed, according to some estimates, there could be up to 4 million openings for cyber security related jobs worldwide, with information security analyst being the tenth fastest growing occupation over the next decade. 

However, the next generation of cyber security specialists must understand the stark differences between IT and OT security. 

The OT Challenge

OT is typically defined as the hardware and software that manages the operation of a process or processes. In an industrial setting, this describes industrial control systems and their connected equipment - think programmable logic controllers (PLCs), human-machine interfaces (HMIs), plus any form of automation such as pumps, fans and compressors. Put simply, OT is the technology that keeps plants running. 

While the basic purpose of IT and OT cyber security are the same: to protect devices, networks, systems and users, there are some significant differences, and as such, significantly different consequences to their failures. 

Among the most crucial areas of cyber security in OT is the protection of critical infrastructure. According to data released by the Organization of American States and Trend Micro, 54 per cent of critical infrastructure suppliers surveyed had reported attempts to infiltrate their industrial control systems, and the problem is not unique to the United States. The most high-profile example of an attack on critical infrastructure came in the form of the Stuxnet virus that targeted PLCs of the Iranian nuclear program back in 2010. Since then, there have been countless examples of cyber attacks on OT. In fact, during 2021 the number of cyber attacks on OT that lead to physical consequences increased by 144 per cent compared to the previous year, according to data by ICS Strive.  
Moreover, the problem is intensifying. A damning report published by the Financial Times, demonstrated that while three quarters of manufacturing companies claim they are aware of cyber risks and can deal with most of them, many actually lack the skills and security practices to do so.

There is an urgent need to improve cyber security for OT and this must start with education and research.

 The Future Of OT Security

 There are already some promising examples of organizations investing in OT security research and development. The Josef Ressel Centre ISIA is a newly developed research institute based in Salzburg, Austria. Built to investigate the future of digitalisation and industrial automation, the centre will focus specifically on the potential of digital assistants for industrial machines through systems architectures, artificial intelligence and cyber security. 

The centre has been funded by a trio of industrial partners: B&R Industrial Automation, SIGMATEK and COPA-DATA. As a cyber security specialist, COPA-DATA will be predominately involved in research into cyber security for OT. The goal of the investment is to avoid the common pitfall of research institutes: the challenge of finding partners that can industrialize the result of the project. 

While the Josef Ressel Centre is set to make significant advancements in the realm of OT security, more must be done ensure OT-centric cyber security is prioritised by industry.

As manufacturers and critical infrastructure suppliers become increasingly digitalized, the extent of sophistication from hackers will grow. As a minimum, we must ensure that OT cyber security strategies grow at a faster pace.

Reinhard Mayr is Head of Information Security & Research at automation software supplier COPA-DATA

You Might Also Read: 

Operating Technology Security Issues Are Increasing:

 

« Chinese Hackers Steal $20m US Covid Relief Benefits
US Defense Contractors Don't Meet Basic Cyber Security Standards »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Vanguard Integrity Professionals

Vanguard Integrity Professionals

Vanguard Integrity Professionals is an independent provider of enterprise security software solutions that address complex security and regulatory compliance challenges.

Energy Sec

Energy Sec

EnergySec is a United States 501(c)(3) non-profit corporation formed to support energy sector organizations with the security of their critical technology infrastructures.

Digital Defense Inc (DDI)

Digital Defense Inc (DDI)

DDI offers vulnerability scanning, penetration testing, web application testing, social engineering and additional security assessments.

AGAT Software

AGAT Software

AGAT Software is an innovative security provider specializing in external access authentication and data protection solutions.

D3 Security

D3 Security

D3's Smart SOAR platform is at the forefront of the security automation revolution, helping clients around the world to rapidly identify, analyze, and resolve advanced threats.

TEISS

TEISS

Teiss.co.uk is a website dedicated to providing information about cyber security. TEISS also provide a series of conferences and events focused on cyber security.

Bavarian IT Security Cluster

Bavarian IT Security Cluster

The Bavarian IT Security Cluster works to build regional IT security competencies and increase the competitiveness and market opportunities of its member companies.

OCM Business Systems

OCM Business Systems

OCM are experts in the safe, secure and responsible disposal of IT & EPoS assets.

CYBAVO

CYBAVO

CYBAVO is a cryptocurrency security company founded by experts from the cryptocurrency and security industries.

Global EPIC

Global EPIC

Global EPIC is an international cybersecurity initiative designed to combat growing world challenges by facilitating global collaboration in the field of cyber security.

Randstad

Randstad

Randstad provide outsourcing, staffing, consulting and workforce solutions in the USA across a wide range of job sectors including IT and cybersecurity.

Carve Systems

Carve Systems

Carve Systems was founded to bring enterprise level information security, training, and risk management services to organizations of any size and industry.

3wSecurity

3wSecurity

3wSecurity provides visibility to your company’s internet facing systems throughout the security life cycle, allowing for a more thorough approach to vulnerability management.

KeyData Associates

KeyData Associates

KeyData is a recognized leader in cybersecurity services specializing in Identity and Access Management (IAM), Customer Identity & Access Management (CIAM) and Privileged Access Management (PAM).

Intaso

Intaso

Intaso are a boutique head hunting and talent solution firm with specialist Cyber and Information Security expertise.

PeoplActive

PeoplActive

PeoplActive is an IT consulting and recruitment services organization with leading capabilities in digital, cloud and security.