“Organisations are looking for trusted channels that can mitigate threats and enable better response.” OT-ISAC
Last October, the Cyber Security Agency of Singapore and Global Resilience Federation Asia Pacific partnered to launch the Operational Technology Information Sharing and Analysis Center. OT-ISAC’s mission is to reduce cybersecurity risks to operational technology and critical information infrastructure.
In the months since it was launched, OT-ISAC has served as a threat information sharing hub for companies in energy, water and other CII sectors across Asia. Member companies involved in the center can securely exchange details of OT and IT threats and attacks on their organizations, in an effort to help their peers prevent and quickly mitigate damage caused by malicious actors.
Industrial Cyber talked to OT-ISAC Regional Director AJ Eserjose about the work the center is doing and the current OT cybersecurity landscape.
How did you get started in OT cybersecurity?
Before moving to OT-ISAC, I gained experience building business relationships between technology vendors and end users working in cybersecurity in Asia. Working in OT security is a unique opportunity because OT is only just now becoming connected to the internet, with all the security risks that implies. At the same time, it’s absolutely critical to the most important underlying services we all need, like power and water.
What about this field most interests you?
I’ve always been drawn to technology and its influence in the world – in particular, cybersecurity appeals to me because I find it the most compelling discipline in technology. This field pushes me. Particularly in OT, cybersecurity requires me to understand a broad set of skills and capabilities over more than one domain. Even more so than IT cybersecurity, OT cyber can have a significant business operating impact and an attack or penetration can adversely affect citizens who need things fundamental to society, not just customers of a product. The learning never stops.
Tell me about the research OT-ISAC is doing.
OT-ISAC drives knowledge exchange and adoption of essential OT cybersecurity best practices and benchmarks, including providing actionable cyber threat information for members to protect themselves. This info comes from a few different sources, including members themselves.
OT-ISAC members obtain and share information on malicious activity, incident information, vulnerability details, APT activity, malware samples, IOCs and other technical details.
Together, members often crowdsource intelligence through the community, which is a vetted, trusted group. OT-ISAC’s threat analysts take shared information and enrich it, disseminating it back to the community. Staff also source outside threat information from partners like government, other sharing communities and private sector sources. They use all this info to help members build better resilience. OT-ISAC issues many reports and alerts on specific threats, security trends, and best practices. We cater to our members, including energy and water companies, but we are very aware of potential threats that may be industry agnostic.
Tell me about your intelligence sharing partnerships. Why should organizations work with the center? Why should a company become a member?
Just as malicious actors exchange tools or advice on forums, the aim of information sharing within OT-ISAC is for mutual cooperation, albeit for defence, not criminal activity.
Organisations are looking for trusted channels that can mitigate threats and enable better response. OT-ISAC is a hub of defensive intelligence and practices from many different sources including other members, partners and staff. We allow members to expand their eyes and ears at a more cost-effective rate than hiring a larger security team.
A member company can securely and anonymously share threat information with OT-ISAC analysts who further enrich and disseminate actionable alerts, intelligence and best practices for all community members to defend themselves and take mitigating action against malicious actors, their tools, and system exploits. OT-ISAC also partners with government, private vendors and other information sharing organizations to acquire and disseminate timely and relevant information for the resilience of member companies.
Can you talk a little about the current threat to OT environments? What kinds of dangers are organizations facing? Why are threat intelligence and the work of OT-ISAC so important?
We now live in a digital age, where IT / OT convergence increases cyber risk to industrial systems and the pillars of civilization, so to speak. Legacy ICS components are not designed to embrace digital transformation and it comes, at times, at the expense and liability of protecting systems from all of the threats that are out there. OT-ISAC provides support in mitigating cyber, physical or geopolitical threats or attacks significant to OT systems and the sectors leveraging those systems. This allows our member companies to advance the resilience of their organisation and sector by strengthening their own defensive architecture to prevent or respond to threats or attacks, and helping peers do the same by sharing their successes and challenges.