With accelerated digital transformation, it has become increasingly difficult to separate industrial control system networks from corporate networks. While industries have begun appreciating the importance of OT security, there is massive scope to address the underlying technology challenges.
Operational technology (OT) infrastructure is rapidly changing, and the capabilities in this space are evolving, with new ways to increase efficiency, control operations, and streamline processes.
With these cyber-physical systems emerging in critical infrastructure environments, a niche OT cyber security market has developed. It is in a transitional state as traditional OT management, infrastructure, governance, and security become increasingly influenced by IT.
While current advances in OT cyber security are impressive, new approaches are needed to gain defensive advantage over cyber adversaries, serve business risk management needs, and keep up with new OT technologies in an increasingly demanding and competitive environment.
Progress can only be achieved when both OT and IT stakeholders can correctly assess current and emerging risks, assess the strengths and benefits of candidate threat mitigation measures, convince the board members of the correctness of these assessments, and obtain funds for security modernization initiatives.
In reality, IT stakeholders often underestimate cyber threats and overestimate the effectiveness of software-based security measures. OT stakeholders, on the other hand, are often less predictable.
They sometimes underestimate threats and resist investment in improved security posture, while at other times they overestimate threats and raise safety concerns that impair modernization efforts. In all cases, communicating defensive postures, threats and the need for change to business decision-makers can be challenging.
Future-Proofing OT Strategy
The first step in managing cyber and operational risk for an OT system is to identify, classify and monitor OT network assets proactively. Almost every security framework requires identifying and classifying hardware as a prerequisite. Businesses must treat some form of real-time OT asset inventory tracking as mandatory.
As OT systems turn into cyber-physical systems that are connected to vast operational and corporate networks through the internet, they are exposed to threats, and the potential for malfunction and misconfiguration is high. More moving parts plus more connections equals higher risk.
Proactively monitoring OT network assets will help businesses discover potential risks they may encounter in the present and help reduce future risks.
The convergence of OT and IT is gaining more traction, so enterprises need to implement robust cyber security programs while maintaining the top priority of availability for OT systems.
This can only be successful if both teams integrate, distinguish between the areas where OT or IT is the expert, and then work towards a common goal. It is, therefore, crucial for enterprises to clearly define roles and goals and conduct cross-training.
Furthermore, while undertaking any security proof-of-value, all the teams involved, including engineering, security, and operations, should be consulted. For the success of any OT investment, it is essential to ensure the solution requirements meet everyone’s needs.
Factors that need to be considered include how a vendor collects OT data, the strength of the vendor’s threat intelligence database, and how comprehensive their integration and orchestration capabilities are.
Whatever proof-of-value requirements are included, enterprises must ensure they accurately assess the vendor’s suitability and maturity for the business while also striving to weed out companies that are unlikely to be around in the long term.
As the market matures, narrow-scope point solutions will face heavy competition from vendors offering organization-wide platforms that traverse OT, IT, IoT, and the cloud. Businesses must evaluate their current security suite and determine which tools provide the most value and whether any current vendors are at risk of becoming obsolete or going out of business.