The Need For OT-centric Cyber Security Strategies

Uploaded on 2022-12-13 in FREE TO VIEW, BUSINESS-Production-Manufacturing

Cyber security is consistently hailed as a top global concern for governments, individuals and businesses alike. However, most rhetoric on the subject focuses on securing information technology (IT), rather than operational technology (OT). Today, organisations need a different approach.

Cyber security has experienced an image transformation in the last two decades. No longer is it seen as a technical enigma handled only by the most senior specialists, but it is now an essential part of every businesses operation. Indeed, according to some estimates, there could be up to 4 million openings for cyber security related jobs worldwide, with information security analyst being the tenth fastest growing occupation over the next decade. 

However, the next generation of cyber security specialists must understand the stark differences between IT and OT security. 

The OT Challenge

OT is typically defined as the hardware and software that manages the operation of a process or processes. In an industrial setting, this describes industrial control systems and their connected equipment - think programmable logic controllers (PLCs), human-machine interfaces (HMIs), plus any form of automation such as pumps, fans and compressors. Put simply, OT is the technology that keeps plants running. 

While the basic purpose of IT and OT cyber security are the same: to protect devices, networks, systems and users, there are some significant differences, and as such, significantly different consequences to their failures. 

Among the most crucial areas of cyber security in OT is the protection of critical infrastructure. According to data released by the Organization of American States and Trend Micro, 54 per cent of critical infrastructure suppliers surveyed had reported attempts to infiltrate their industrial control systems, and the problem is not unique to the United States. The most high-profile example of an attack on critical infrastructure came in the form of the Stuxnet virus that targeted PLCs of the Iranian nuclear program back in 2010. Since then, there have been countless examples of cyber attacks on OT. In fact, during 2021 the number of cyber attacks on OT that lead to physical consequences increased by 144 per cent compared to the previous year, according to data by ICS Strive.  
Moreover, the problem is intensifying. A damning report published by the Financial Times, demonstrated that while three quarters of manufacturing companies claim they are aware of cyber risks and can deal with most of them, many actually lack the skills and security practices to do so.

There is an urgent need to improve cyber security for OT and this must start with education and research.

 The Future Of OT Security

 There are already some promising examples of organizations investing in OT security research and development. The Josef Ressel Centre ISIA is a newly developed research institute based in Salzburg, Austria. Built to investigate the future of digitalisation and industrial automation, the centre will focus specifically on the potential of digital assistants for industrial machines through systems architectures, artificial intelligence and cyber security. 

The centre has been funded by a trio of industrial partners: B&R Industrial Automation, SIGMATEK and COPA-DATA. As a cyber security specialist, COPA-DATA will be predominately involved in research into cyber security for OT. The goal of the investment is to avoid the common pitfall of research institutes: the challenge of finding partners that can industrialize the result of the project. 

While the Josef Ressel Centre is set to make significant advancements in the realm of OT security, more must be done ensure OT-centric cyber security is prioritised by industry.

As manufacturers and critical infrastructure suppliers become increasingly digitalized, the extent of sophistication from hackers will grow. As a minimum, we must ensure that OT cyber security strategies grow at a faster pace.

Reinhard Mayr is Head of Information Security & Research at automation software supplier COPA-DATA

You Might Also Read: 

Operating Technology Security Issues Are Increasing:

 

« Chinese Hackers Steal $20m US Covid Relief Benefits
US Defense Contractors Don't Meet Basic Cyber Security Standards »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ForeScout Technologies

ForeScout Technologies

ForeScout delivers pervasive network security by allowing organisations to continuously monitor & mitigate security exposures & cyberattacks.

Netskope

Netskope

Netskope, a global cybersecurity leader, is redefining cloud, data, and network security to help organizations apply Zero Trust principles to protect data.

SGCyberSecurity

SGCyberSecurity

SGCyberSecurity is Singapore's No.1 Cyber Security portal. From this platform, you will be able to find useful articles, resources and connect with the security companies for your business needs.

Averon

Averon

Averon's technology is the new gold standard for digital identity - the easiest, fastest and most secure verification solution for users on both WiFi and LTE.

Truepic

Truepic

Truepic provides technologies that prevent fraud, identity theft, misinformation, and disinformation caused by generative, manipulated, or deepfake digital content.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Tego Cyber

Tego Cyber

Tego Cyber delivers a state-of-the-art threat intelligence platform that helps enterprises deploy the proper resolution to an identified threat before the enterprise is compromised.

Ward Solutions

Ward Solutions

Ward Solutions are an information security consultancy and managed services company. We help organisations protect their brand, people, assets, intellectual property and profits.

Brightsolid

Brightsolid

Brightsolid are experts in Hybrid Cloud. We design, build and manage secure, scalable cloud environments that meet customers’ business ambitions.

Match Systems

Match Systems

Match Systems provides blockchain investigations, KYC, KYT, AML, Due Diligence and compliance services.

Cognisys Group

Cognisys Group

Cognisys provides cyber security penetration testing and compliance services from its offices in Leeds and Manchester.

endpointX

endpointX

endpointX is a preventative cyber security company. We help companies minimize their risk of breach by improving cyber hygiene.

Saffron Networks

Saffron Networks

Saffron Networks is an ISO-certified company. We assure our clients of reliable solutions, specifically with the Security landscape and Enterprise Networking.

Doherty Associates

Doherty Associates

Drawing on our deep industry knowledge and business insight, Doherty deliver intelligent IT solutions and services that help people work more securely, more productively and more creatively.

Gogolook

Gogolook

Gogolook is a leading TrustTech company. With "Build for Trust" as its core value, it aims to create an AI- and data-driven global anti-fraud network as well as Risk Management as a Service.

Brunswick Group

Brunswick Group

Brunswick is a critical issues firm. We advise the world’s leading companies on how to navigate the critical issues they face and engage with their critical stakeholders.