OT Cyber Coalition comes together to build, protect, defend ICS, critical infrastructure assets in the US

Operational technology (OT) vendors have come together to form an OT Cyber Coalition (Operational Technology Cybersecurity Coalition) that will work together with government and industry partners, while also advocating for vendor-neutral, interoperable, standards-based cybersecurity solutions. Representing the entire OT lifecycle, the Coalition will focus on using collective experience to safeguard the nation’s critical infrastructure assets and improve the cybersecurity of OT environments. 

“We believe that the strongest, most effective approach to securing our collective defense is one that is open, vendor-neutral, and allows for diverse solutions and information sharing without compromising cybersecurity defenses,” the OT Cyber Coalition said on its website. The Coalition’s founding members include Claroty, Forescout, Honeywell, Nozomi Networks, and Tenable. They will work to build, protect, and defend industrial control systems (ICS) and critical infrastructure assets within the U.S. 

The OT Cyber Coalition also encourages the adoption of interoperability and vendor-neutral cybersecurity characteristics, provides industry expertise, shares feedback on public policy proposals, and advocates for increased funding for federal OT cybersecurity. 

The Coalition’s extensive representation will broaden policymakers’ perspectives on key cybersecurity issues and demonstrate the critical need to address these issues. As the government and private sector stakeholders continue their efforts to secure and defend critical infrastructure, the OT Cyber Coalition will work collaboratively with Cybersecurity and Infrastructure Security Agency (CISA), the Department of Homeland Security (DHS), and sector risk management agencies (SRMAs) on how to best deploy an open standards-based and interoperable set of data-sharing solutions to enhance cybersecurity and strengthen collective defense.

Over the course of its engagements, the OT Cyber Coalition says it has successfully shared how crucial it is that the government adopt a technology-neutral and standards-based approach to cybersecurity. “We were encouraged to see language in the Administration’s recent Fact Sheet on the Water Sector Action Plan to promote a similar vendor- and technology-neutral approach, and we want to ensure this approach will be continued as the public and private sectors collaborate to improve the state of OT/ICS cybersecurity,” it said. 

The Coalition also invites feedback and requests from CISA, DHS, SRMAs, and the industry on how to best deploy an open, standards-based, and interoperable set of data-sharing solutions to enhance cybersecurity and strengthen collective defense. “By increasing awareness of OT/ICS cybersecurity challenges and solutions and by serving as a central resource for the public and private sectors, we hope to bring increased security and control over the country’s most critical environments,” it added.

The principles of the OT Cyber Coalition include interoperability, vendor-neutral cybersecurity characteristics, delivering industry expertise, addressing feedback and public policy proposals from governments, and funding for federal OT cybersecurity.

The Coalition wants technologies to be based on open standards and promote innovation while avoiding proprietary solutions that create vendor lock-in. Ultimately, no single solution can fully address the cybersecurity challenges industrial enterprises face, and the U.S. government must reinforce this tenet. The open standard and technology-neutral approach will encourage critical infrastructure owners and operators to choose the solutions that work best for them.

The U.S. government should work with SRMAs to endorse a core set of cybersecurity characteristics of technologies that will improve the cybersecurity of the ICS/OT community. By ensuring they enable agreed-upon key objectives identified through the combined expertise and experience of the industry, the federal government will maintain a posture of technology neutrality while also engaging with and incentivizing the development of a larger community of cybersecurity vendors who work every day to secure critical infrastructure environments.

As the U.S. government spends billions of dollars protecting the enterprise IT infrastructure in its many departments and agencies, the Coalition will advocate for funding for federal civilian agencies to implement OT cybersecurity measures, including, among other things, asset and device inventory.

“Given the significant exposure, a more dangerous set of threat actors, and the risks to national security and society, the government needs to leverage all cyber capabilities at its disposal to protect critical infrastructure,” Grant Geyer, chief product officer & CISO at Claroty, said in a media statement. “No one entity or provider has a monopoly on protecting critical infrastructure, and a vendor-neutral and open standards approach can ensure that we’re all working in concert to keep the country safe.”

“Our combined customer base represents the largest and most impactful organizations in critical infrastructure,” Shawn Taylor, vice president of threat defense at Forescout said. “We have the potential to collect asset information, vulnerability data, threats and security incidents, and risk status to provide real time insight and data to help support the US government, asset owners and operators as part of our collective defense mission.”

“Although we may be a group of competitive OT cybersecurity companies, we also are extremely passionate about working collaboratively to improve the cybersecurity of these sometimes fragile OT environments,” said Jeff Zindel, vice president and general manager of OT Cyber Security for Honeywell Connected Enterprise. “This work is essential to protect our country’s critical infrastructure.”

“To combat the growing number of threats against our critical infrastructure, it is essential that the cybersecurity industry embrace competitive innovation and open information sharing to collectively strengthen defenses,” Andrea Carcano, Nozomi Networks’ co-founder and CPO said. “As a founding member of the coalition, we look forward to helping advance these key priorities to fortify the security of our nation’s most critical infrastructure.” 

“Our companies represent the entire OT lifecycle, and can be leveraged strategically by the U.S. Government in an advisory capacity and by critical infrastructure operators to protect themselves and improve our national preparedness,” Marty Edwards, vice president for operational technology security at Tenable said. “We look forward to working together to promote these goals.”

The OT Cyber Coalition joins the likes of the Operational Technology Cyber Security Alliance (OTCSA), which currently provides OT operators and suppliers with resources and guidance to mitigate their cyber risk in a fast-evolving world.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.