The Need For OT-centric Cyber Security Strategies

Cyber security is consistently hailed as a top global concern for governments, individuals and businesses alike. However, most rhetoric on the subject focuses on securing information technology (IT), rather than operational technology (OT). Today, organisations need a different approach.

Cyber security has experienced an image transformation in the last two decades. No longer is it seen as a technical enigma handled only by the most senior specialists, but it is now an essential part of every businesses operation. Indeed, according to some estimates, there could be up to 4 million openings for cyber security related jobs worldwide, with information security analyst being the tenth fastest growing occupation over the next decade. 

However, the next generation of cyber security specialists must understand the stark differences between IT and OT security. 

The OT Challenge

OT is typically defined as the hardware and software that manages the operation of a process or processes. In an industrial setting, this describes industrial control systems and their connected equipment - think programmable logic controllers (PLCs), human-machine interfaces (HMIs), plus any form of automation such as pumps, fans and compressors. Put simply, OT is the technology that keeps plants running. 

While the basic purpose of IT and OT cyber security are the same: to protect devices, networks, systems and users, there are some significant differences, and as such, significantly different consequences to their failures. 

Among the most crucial areas of cyber security in OT is the protection of critical infrastructure. According to data released by the Organization of American States and Trend Micro, 54 per cent of critical infrastructure suppliers surveyed had reported attempts to infiltrate their industrial control systems, and the problem is not unique to the United States. The most high-profile example of an attack on critical infrastructure came in the form of the Stuxnet virus that targeted PLCs of the Iranian nuclear program back in 2010. Since then, there have been countless examples of cyber attacks on OT. In fact, during 2021 the number of cyber attacks on OT that lead to physical consequences increased by 144 per cent compared to the previous year, according to data by ICS Strive.  
Moreover, the problem is intensifying. A damning report published by the Financial Times, demonstrated that while three quarters of manufacturing companies claim they are aware of cyber risks and can deal with most of them, many actually lack the skills and security practices to do so.

There is an urgent need to improve cyber security for OT and this must start with education and research.

 The Future Of OT Security

 There are already some promising examples of organizations investing in OT security research and development. The Josef Ressel Centre ISIA is a newly developed research institute based in Salzburg, Austria. Built to investigate the future of digitalisation and industrial automation, the centre will focus specifically on the potential of digital assistants for industrial machines through systems architectures, artificial intelligence and cyber security. 

The centre has been funded by a trio of industrial partners: B&R Industrial Automation, SIGMATEK and COPA-DATA. As a cyber security specialist, COPA-DATA will be predominately involved in research into cyber security for OT. The goal of the investment is to avoid the common pitfall of research institutes: the challenge of finding partners that can industrialize the result of the project. 

While the Josef Ressel Centre is set to make significant advancements in the realm of OT security, more must be done ensure OT-centric cyber security is prioritised by industry.

As manufacturers and critical infrastructure suppliers become increasingly digitalized, the extent of sophistication from hackers will grow. As a minimum, we must ensure that OT cyber security strategies grow at a faster pace.

Reinhard Mayr is Head of Information Security & Research at automation software supplier COPA-DATA

You Might Also Read: 

Operating Technology Security Issues Are Increasing:

 

« Chinese Hackers Steal $20m US Covid Relief Benefits
US Defense Contractors Don't Meet Basic Cyber Security Standards »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ReadWrite

ReadWrite

ReadWrite is a leading media platform dedicated to IoT and the Connected World.

CipherPoint Software

CipherPoint Software

CipherPoint Software provides data-centric auditing and protection solutions for securing unstructured information

IoT Security Foundation (IoTSF)

IoT Security Foundation (IoTSF)

IoTSF is a collaborative, non-profit organisation with a mission to raise the quality and drive pervasive security in the Internet of Things.

Nexcom International

Nexcom International

Nexcom operates six global businesses - IoT Automation, Intelligent Digital Security, Internet of Things, Intelligent Platform & Services, Mobile Computing Solutions, Network & Communications.

NuData Security

NuData Security

NuData Security, A Mastercard Company, is an award winning behavioral biometrics company.

Riscure

Riscure

Riscure is a global test lab and tools leader for device security. Core expertise in side channel analysis, fault injection and embedded device software.

Salt Communications

Salt Communications

Salt communications is a global leader in secure communications. Our bespoke platform is the secure communications solution that uniquely gives complete control to our customers.

Seconize

Seconize

Seconize empowers enterprises to proactively manage their cyber risks, prioritize remediations, optimize security spending and ensure compliance.

Bessemer Venture Partners (BVP)

Bessemer Venture Partners (BVP)

Bessemer Venture Partners was born from innovations that literally forged modern building and manufacturing. Today, our team of investors works with people who want to create revolutions of their own.

N-able

N-able

N-Able deliver simple and sophisticated monitoring, security, and business solutions that empower you to solve your toughest IT challenges.

SOC Prime

SOC Prime

SOC Prime is the only Threat Detection Marketplace where researchers monetize their content to help security teams defend against attacks easier, faster and more efficiently than ever.

Apono

Apono

Apono enables DevOps and security teams to manage access to sensitive cloud assets and data repositories in a frictionless and compliant way.

Sababa Security

Sababa Security

Sababa Security is the first Italian innovation cyber security vendor, that provides security products, training, and managed services to protect diverse IT and OT environments.

GIS Consulting (GISPL)

GIS Consulting (GISPL)

From General Data Protection Regulations to advanced Network Infrastructure Audits, GIS Consulting has established a reputation as one the leading cyber security companies in the industry.

CorePLUS Technologies

CorePLUS Technologies

CorePlus solutions are designed to empower organizations with the tools they need to ensure the utmost protection for their assets, people, and information.

Assurestor

Assurestor

Assurestor's singular focus is delivering leading cloud-based backup and disaster recovery designed to increase levels of IT resilience.