The Need For OT-centric Cyber Security Strategies

Cyber security is consistently hailed as a top global concern for governments, individuals and businesses alike. However, most rhetoric on the subject focuses on securing information technology (IT), rather than operational technology (OT). Today, organisations need a different approach.

Cyber security has experienced an image transformation in the last two decades. No longer is it seen as a technical enigma handled only by the most senior specialists, but it is now an essential part of every businesses operation. Indeed, according to some estimates, there could be up to 4 million openings for cyber security related jobs worldwide, with information security analyst being the tenth fastest growing occupation over the next decade. 

However, the next generation of cyber security specialists must understand the stark differences between IT and OT security. 

The OT Challenge

OT is typically defined as the hardware and software that manages the operation of a process or processes. In an industrial setting, this describes industrial control systems and their connected equipment - think programmable logic controllers (PLCs), human-machine interfaces (HMIs), plus any form of automation such as pumps, fans and compressors. Put simply, OT is the technology that keeps plants running. 

While the basic purpose of IT and OT cyber security are the same: to protect devices, networks, systems and users, there are some significant differences, and as such, significantly different consequences to their failures. 

Among the most crucial areas of cyber security in OT is the protection of critical infrastructure. According to data released by the Organization of American States and Trend Micro, 54 per cent of critical infrastructure suppliers surveyed had reported attempts to infiltrate their industrial control systems, and the problem is not unique to the United States. The most high-profile example of an attack on critical infrastructure came in the form of the Stuxnet virus that targeted PLCs of the Iranian nuclear program back in 2010. Since then, there have been countless examples of cyber attacks on OT. In fact, during 2021 the number of cyber attacks on OT that lead to physical consequences increased by 144 per cent compared to the previous year, according to data by ICS Strive.  
Moreover, the problem is intensifying. A damning report published by the Financial Times, demonstrated that while three quarters of manufacturing companies claim they are aware of cyber risks and can deal with most of them, many actually lack the skills and security practices to do so.

There is an urgent need to improve cyber security for OT and this must start with education and research.

 The Future Of OT Security

 There are already some promising examples of organizations investing in OT security research and development. The Josef Ressel Centre ISIA is a newly developed research institute based in Salzburg, Austria. Built to investigate the future of digitalisation and industrial automation, the centre will focus specifically on the potential of digital assistants for industrial machines through systems architectures, artificial intelligence and cyber security. 

The centre has been funded by a trio of industrial partners: B&R Industrial Automation, SIGMATEK and COPA-DATA. As a cyber security specialist, COPA-DATA will be predominately involved in research into cyber security for OT. The goal of the investment is to avoid the common pitfall of research institutes: the challenge of finding partners that can industrialize the result of the project. 

While the Josef Ressel Centre is set to make significant advancements in the realm of OT security, more must be done ensure OT-centric cyber security is prioritised by industry.

As manufacturers and critical infrastructure suppliers become increasingly digitalized, the extent of sophistication from hackers will grow. As a minimum, we must ensure that OT cyber security strategies grow at a faster pace.

Reinhard Mayr is Head of Information Security & Research at automation software supplier COPA-DATA

You Might Also Read: 

Operating Technology Security Issues Are Increasing:

 

« Chinese Hackers Steal $20m US Covid Relief Benefits
US Defense Contractors Don't Meet Basic Cyber Security Standards »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

CyTech Services

CyTech Services

CyTech provides unique services and solutions complemented with professional subject matter experts to both the Federal and Commercial sectors.

National Trading Standards eCrime Team (NTSeCT)

National Trading Standards eCrime Team (NTSeCT)

The National Trading Standards eCrime Team tackles online consumer scams, rip-offs and fraud, as well as those committed by text or email.

tunCERT

tunCERT

TunCERT is the National Computer Emergency Response Team of Tunisia.

Cifas

Cifas

Cifas are leaders in fraud prevention, working closely with UK law enforcement partners.

MKD-CIRT

MKD-CIRT

MKD-CIRT is the national Computer Incident Response Team for Macedonia.

Heimdal Security

Heimdal Security

Heimdal Security provides proactive protection against cyber threats including ransomware, exploit kits and financial malware.

Ubiq Security

Ubiq Security

Ubiq has developed a software solution that secures any type of data, on any device, anywhere, with nearly no impact to system performance or user experience.

Hivint

Hivint

Hivint is a new kind of Information Security professional services company enabling collaboration between our clients to reduce unnecessary security spend.

Vaadata

Vaadata

Vaadata are experts in ethical hacking. We secure your web, mobile and IoT platforms.

CloudVector

CloudVector

CloudVector's API Detection & Response platform is the only API Threat Protection solution that goes beyond the gateway to provide Shadow API Prevention and Deep API Risk Monitoring and Remediation.

8com

8com

8com is an established Managed Security Service Provider (MSSP) with over 75 employees and customers in over 40 countries.

COPA-DATA

COPA-DATA

COPA-DATA is the only independent software manufacturer to combine in-depth experience in automation with new possibilities of digital transformation – reliable, future-proof and operating worldwide.

CyAmast

CyAmast

CyAmast is an IoT Network security and analytics company that is changing the way enterprise and governments detect and protect networks from the pervasive threat of cyber attacks.

BJSS

BJSS

BJSS is an award-winning technology and engineering consultancy for business.

Mantodea Security

Mantodea Security

Mantodea Security is an industry-agnostic powerhouse backed by extensive experience and expertise in the realm of IT security.

Siguria Kibernetike (Cyber Security)

Siguria Kibernetike (Cyber Security)

Siguria Kibernetike is a company based in Tirana that offers full service in the field of cyber and physical security.