8 Benefits of Converged OT Cybersecurity
In today’s interconnected world, the importance of securing critical infrastructure and industrial processes cannot be overstated. Operational Technology (OT) systems, which encompass the hardware and software that monitor and control physical devices and processes, have become prime targets for cyberattacks.
OT Security organisation Waterfall reported a 140 percent increase in the number of cyber-attacks, with over 150 industrial operations affected. To fortify these systems against evolving threats, we must emphasise the symbiotic relationship between OT engineering communities and cybersecurity professionals. OT systems are the backbone of industries such as energy, manufacturing, pharmaceuticals, transportation, and healthcare.
The International Data Corporation (IDC) estimates there will be 41.6 billion connected IoT devices by 2025. These devices ensure the smooth operation of power plants, manufacturing lines, and even critical global healthcare research equipment. However, their integration with digital networks, cloud services, and applications continue to expose them to cyber risks.
The collaboration between OT engineers and cybersecurity specialists holds the key to enhanced mitigation against these threats, and importantly unlocking numerous benefits:
- Holistic Risk Assessment: OT engineers understand the intricacies of industrial processes, making them vital in identifying vulnerabilities unique to their systems. To go beyond typical IT Security compliance, a holistic OT risk assessment would leverage the IEC 62443 standard, and the strengths of MITRE’s ATT&CK for ICS, plus the ISO 31010 standard. Collaborating ensures a more comprehensive risk assessment that accounts for both operational and security aspects.
- Customised Security Solutions: Cybersecurity professionals bring expertise in security risk mitigation techniques, for example adopting a zero-trust model, which is typically only considered in traditional IT environments. The World Economic Forum's Centre for Cybersecurity paper on zero trust for OT networks defines zero trust as a “principle-based model designed within a cybersecurity strategy that enforces a data-centric approach to continuously treat everything as an unknown – whether a human or a machine - to ensure trustworthy behaviour”. Implementation of an OT Zero Trust model with essential collaboration with OT engineers allows for the implementation of this solution, whilst safeguarding critical systems, without hindering operational safety or efficiency.
- Timely Threat Response: In the event of a cyber incident, a well-established collaboration ensures a swift response. There are useful OT and Industrial Control System (ICS) threat sharing resources and programmes available to enhance the depth of information available to make informed decisions on, for example CISA's Automated Indicator Sharing community, NCSC advisories, and the Cyber Threat Alliance. Securing digital manufacturing OT engineers can provide real-time insights into the operational impact, while cybersecurity experts can focus on containment and recovery strategies.
- Knowledge Sharing & Skills: Bridging the gap between these two communities promotes knowledge sharing. The recent Cyber-Informed Engineering (CIE) initiative introduced by the US Dept of Energy last year, is starting to have a positive impact, particularly in the areas of awareness and education which acknowledges these collaboration efforts. Simulation of attacks on OT networks, in collaborative live fire exercises can maximise defence skills. Cyber range platforms, like Cyberbit, provides a full-scale, emulated OT network, including HMIs, hardware controllers (PLCs), and physical devices, and provides end-to-end simulations of IT to OT attacks. OT engineers can learn cybersecurity best practices, and cybersecurity professionals can gain a deeper understanding of industrial processes. This cross-pollination of knowledge is invaluable in staying ahead of evolving threats.
- Regulatory Compliance: Many industries are subject to stringent regulations regarding cybersecurity and safety. The National Institute of Standards and Technology (NIST) highlights the importance of integrating OT and IT security to meet regulatory compliance requirements, such as NIST SP 800-82 Rev 3 released in September, for industrial control systems. Collaborative efforts make it easier to navigate compliance requirements, e.g. NIS 2, reducing the risk of penalties and downtime due to non-compliance.
- Cost-Efficiency: Collaborative efforts can lead to more efficient allocation of resources. Ponemon Institute’s research found that organisations that integrated IT and OT security functions saved an average of 1.5 million in cybersecurity costs. Instead of duplicating efforts, OT engineering and cybersecurity teams can work together to prioritise and address the most critical security challenges.
- Innovation: OT systems are evolving rapidly with advancements like the Industrial Internet of Things (IIoT) and automation. Recent study by AT&T shows the innovation benefits from OT & IT collaboration leading to effective and efficient convergence benefiting from the latest industry tech advancements. Collaboration enables the infusion of cybersecurity measures into these converged innovations from the outset, creating inherently more secure systems.
- Resilience: Ultimately, the collaboration between OT engineers and cybersecurity professionals enhances the overall resilience of critical infrastructure. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) emphasises the importance of integrating IT and OT security to enhance the resilience of critical infrastructure systems. It ensures that systems can withstand cyberattacks and continue to operate safely, even in adverse conditions.
Cyber threats frequently exploit the seams between IT and OT environments, and without integrated security, an organisation is less prepared to defend against these threats. To address these challenges and improve overall cybersecurity posture, organisations are increasingly recognising the need to break down the silos between OT and IT security teams. Collaborative efforts, shared responsibilities, and integrated security strategies are essential to mitigating the complex and evolving threats that target both operational and information technology.
In conclusion, the benefits of collaboration between OT engineering communities and cybersecurity professionals are undeniable. As the threat landscape continues to evolve, our ability to secure critical infrastructure and industrial processes hinges on this partnership. Together, these two communities can fortify our essential systems, safeguard our industries, and ensure a safer, more secure future. It’s not just a collaboration; it’s a necessity.