The Need For OT-centric Cyber Security Strategies

Uploaded on 2022-12-13 in FREE TO VIEW, BUSINESS-Production-Manufacturing

Cyber security is consistently hailed as a top global concern for governments, individuals and businesses alike. However, most rhetoric on the subject focuses on securing information technology (IT), rather than operational technology (OT). Today, organisations need a different approach.

Cyber security has experienced an image transformation in the last two decades. No longer is it seen as a technical enigma handled only by the most senior specialists, but it is now an essential part of every businesses operation. Indeed, according to some estimates, there could be up to 4 million openings for cyber security related jobs worldwide, with information security analyst being the tenth fastest growing occupation over the next decade. 

However, the next generation of cyber security specialists must understand the stark differences between IT and OT security. 

The OT Challenge

OT is typically defined as the hardware and software that manages the operation of a process or processes. In an industrial setting, this describes industrial control systems and their connected equipment - think programmable logic controllers (PLCs), human-machine interfaces (HMIs), plus any form of automation such as pumps, fans and compressors. Put simply, OT is the technology that keeps plants running. 

While the basic purpose of IT and OT cyber security are the same: to protect devices, networks, systems and users, there are some significant differences, and as such, significantly different consequences to their failures. 

Among the most crucial areas of cyber security in OT is the protection of critical infrastructure. According to data released by the Organization of American States and Trend Micro, 54 per cent of critical infrastructure suppliers surveyed had reported attempts to infiltrate their industrial control systems, and the problem is not unique to the United States. The most high-profile example of an attack on critical infrastructure came in the form of the Stuxnet virus that targeted PLCs of the Iranian nuclear program back in 2010. Since then, there have been countless examples of cyber attacks on OT. In fact, during 2021 the number of cyber attacks on OT that lead to physical consequences increased by 144 per cent compared to the previous year, according to data by ICS Strive.  
Moreover, the problem is intensifying. A damning report published by the Financial Times, demonstrated that while three quarters of manufacturing companies claim they are aware of cyber risks and can deal with most of them, many actually lack the skills and security practices to do so.

There is an urgent need to improve cyber security for OT and this must start with education and research.

 The Future Of OT Security

 There are already some promising examples of organizations investing in OT security research and development. The Josef Ressel Centre ISIA is a newly developed research institute based in Salzburg, Austria. Built to investigate the future of digitalisation and industrial automation, the centre will focus specifically on the potential of digital assistants for industrial machines through systems architectures, artificial intelligence and cyber security. 

The centre has been funded by a trio of industrial partners: B&R Industrial Automation, SIGMATEK and COPA-DATA. As a cyber security specialist, COPA-DATA will be predominately involved in research into cyber security for OT. The goal of the investment is to avoid the common pitfall of research institutes: the challenge of finding partners that can industrialize the result of the project. 

While the Josef Ressel Centre is set to make significant advancements in the realm of OT security, more must be done ensure OT-centric cyber security is prioritised by industry.

As manufacturers and critical infrastructure suppliers become increasingly digitalized, the extent of sophistication from hackers will grow. As a minimum, we must ensure that OT cyber security strategies grow at a faster pace.

Reinhard Mayr is Head of Information Security & Research at automation software supplier COPA-DATA

You Might Also Read: 

Operating Technology Security Issues Are Increasing:

 

« Chinese Hackers Steal $20m US Covid Relief Benefits
US Defense Contractors Don't Meet Basic Cyber Security Standards »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

ISACA

ISACA

ISACA is a global professional association and learning organization for members who work in information security, governance, assurance, rissk and privacy.

Norton Rose Fulbright

Norton Rose Fulbright

Norton Rose Fulbright is a global business law firm. Practice areas include Data protection, Privacy and Cybersecurity.

Optimal IdM

Optimal IdM

Optimal IdM is a leading global provider of identity management solutions and services.

CamCERT

CamCERT

CamCERT is the national Computer Emergency Response Team for Cambodia.

Data Resolve Technologies

Data Resolve Technologies

Data Resolve offer a mechanism through which customers can detect and tackle various kinds of sensitive activities pertaining to data loss and data theft.

Introspective Networks

Introspective Networks

Introspective Networks (IN) is a Cybersecurity company focusing on securing data in the network and automating knowledge work to decrease vulnerability points to critical infrastructure.

Bottomline Technologies

Bottomline Technologies

Bottomline Technologies is an innovator in business payment automation technology, helping companies make complex business payments simple, smart and secure.

Certis

Certis

Certis is a leading advanced integrated security organisation that develops and delivers multi-disciplinary security and integrated services.

Defendify

Defendify

We built Defendify to help small businesses navigate the cybersecurity landscape with cybersecurity that is dead simple, affordable, and works around the clock.

Bugraptors

Bugraptors

BugRaptors is a certified software testing company with extensive experience as a third-party testing vendor, effectively proven as a leader in software testing & QA Services.

Defensity

Defensity

Defensity offer bespoke & pre packaged IT Security Solutions for Small business to help companies reduce overall IT related risk.

DeepFactor

DeepFactor

DeepFactor is the industry’s first Continuous Observability platform enabling Engineering and AppSec teams to find and triage RUNTIME security, privacy, and compliance risks in your applications.

blueAllianceIT

blueAllianceIT

blueAlliance IT is an investment and growth platform that unites local MSP and IT companies around the nation, helping them to grow and operate competitively.

Celera Networks

Celera Networks

Celera Networks is a managed services provider specializing in cybersecurity, cloud and managed IT services.

Prancer

Prancer

Prancer is the industry's first cloud-native, self-service SAAS platform for automated security validation and penetration testing in the cloud.

Alchemy Security Consulting

Alchemy Security Consulting

Alchemy Security Consulting specialise in offensive and defensive cyber security. We find the weak link in your security so you can patch it up fast and avoid being hacked.