Earlier this month, industrial manufacturing company Siemens released a report showing that cyber attacks on the operational technology (OT) involved in running critical utilities are increasing. In light of this growing threat to critical and industrial infrastructure, a coalition of industry leaders are joining together to establish new cybersecurity guidelines.
Cybersecurity is of growing importance to industries like utilities, manufacturing and oil & gas. More and more, these industries are combining hardware and software to increase efficiency in their operations, but this increasingly connected operational technology carries some risks.
The new Operational Technology Cyber Security Alliance (OTCSA) will help companies address their security challenges in an effort to mitigate risks threatening to compromise critical infrastructure. Cyber attacks in these industries can do more than impact a company’s bottom line. They are a threat to human safety, our environment and can even lead to great civil unrest.
“Operational technologies represent a key cyber target for multiple threat actors, with potentially devastating economic and physical effects on countries, companies and people. The OTCSA is focused on providing the community with architectural guidelines and best practices for implementing advanced operational technologies in a secure way,” coaltion member Avi Rembaum, Vice President of Security Solutions, Check Point Software Technologies, said in a press release announcing the new alliance.
“OTCSA aims to bridge dangerous gaps in security for critical and OT infrastructure and ICS to support and improve the daily lives of citizens and workers in an evolving world,” Satish Gannu, Chief Security Officer, ABB & Senior Vice President, Architecture and Analytics, ABB Ability™, said in the release. “Industry collaboration to establish guidelines is required to quickly advance the posture of OT, which is already a decade behind IT when it comes to security.”
The group’s mission is to strengthen the cyber-physical risk posture and cybersecurity guidelines of OT environments and interfaces for OT/IT interconnectivity. The cybersecurity guidelines will educate OT suppliers on secure OT system architectures, relevant interfaces and security functionalities. OTSCA seeks to guide OT operators on how to protect their OT infrastructure based on a risk management process and reference architectures/designs in line with regulations and international standards.
“The negative consequences of compromised critical infrastructures are as severe as ever, while the complexity and urgency in securing them continues to escalate. The coming together of an action oriented group of stakeholders who share a common vision of more secure and resilient critical infrastructure is an important step in meaningful collaboration,” Phil Quade, CISO, Fortinet, said in the release. “The OTCSA will address the unique challenges of securing OT environments, which is fundamental to maintaining our economic competitiveness, national and personal security and public safety.”
The purpose of the coalition is to accelerate the time it takes companies to adopt safer, more secure critical infrastructure. They support the procurement, development, installation, operation, maintenance and implementation of a safer, more secure critical infrastructure.
“One of the driving forces behind IT and OT convergence is cyber security of operational systems, like SCADA, MES, controllers, etc. OT has typically been managed as individual devices, which has made it very difficult for IT to maintain its cyber security mandate,” said Kevin Prouty, Group VP for IDC Energy Insights and Manufacturing Insights, in the press release. “Senior executives are tasking operations executives to get their OT systems integrated into the overall enterprise cyber security governance. IDC’s IT/OT Convergence survey from 2018 shows that 65 percent of manufacturing, mining, oil & gas and utility companies see cyber security as the highest priority in IT and OT governance.”
The new alliance is the first of it’s kind. OTSCA membership is open to any company that operates critical infrastructure or general OT systems to run its business and companies providing IT and OT solutions. To learn more, visit: https://www.otcsalliance.org.