Many organisations that rely on Operational Technology (OT) need to elevate their cyber security. A noticeable increase in threats that target OT assets places a wide variety of companies, including those operating critical infrastructure, at risk of process upset, production shutdowns, safety incidents, or other service disruptions. These disruptions can negatively impact mission-critical supply chain operations and the public.
Geopolitical tensions, the rise of criminal ransomware, and the supply chain vulnerabilities that critical infrastructure organisations face all increase the overall threat landscape. New regulatory compliance standards are appearing, and trends towards digitalisation and Industry 4.0 are driving integration between information technology (IT) and OT domains, increasing the overall OT attack surface. That’s why many companies with industrial operations are initiating OT security programmes. That’s the gist of a 24-page white paper, by Frost & Sullivan.
The research company reports that, among organisations operating critical infrastructure, 37 per cent of decision-makers voiced concerns over a lack of expertise in accomplishing sustainable and well-maintained OT security. What makes such an OT cyber security programme successful? A typical IT-centric strategy will not work in OT environments because OT cyber security practices vary from traditional IT strategies, the paper suggests. Hence organisations must address OT-specific challenges when developing these programmes and use governance models and frameworks that include engineering and business processes.
What they say
Jalal Bouhdada, founder of cyber firm Applied Risk and Global Cyber Security Segment Director at DNV, pictured, said: “The industrial sector cannot excel in its digitalisation and automation efforts without robust cyber security measures in place. At a time of increasing geopolitical tension and tightening regulatory requirements, OT security leaders are under greater pressure to demonstrate that their organisation can manage the risks emerging from an increasingly complex cyber threat landscape. But there is relatively little best practice available on how to build sustainable OT security programmes. The white paper that we have published with Frost & Sullivan aims to provide OT security leaders in need with a framework for success.”
And Danielle VanZandt, Industry Manager—Commercial & Public Security at Frost & Sullivan said: “A Blueprint for Building Sustainable Operational Technology Cyber Security Programmes addresses the multiple ingredients needed for OT security programmes to have long-term impact. The white paper gives clear advice on the process and technology considerations that must be made, and it shines a light on the importance of people. We outline the stakeholders who must commit to the programme, the culture that must be realised, and the internal and external skill-sets that are needed for its success.”
You can request a copy of ‘A Blueprint for Building Sustainable Operational Technology Cyber Security Programmes’ from the Applied Risk website.
