All the latest news from the industry weekly compiled by the editorial team for you free of charge.
This eMail is already registered.
An unexpected error occured.
Please accept our Terms of Use.
Registration successful.

Sid Snitkin

Vice President

ARC Advisory Group

1 Rating

CYBERSECURITY Industry leaders share future visions for industrial cybersecurity

May 3, 2021

Sid Snitkin, Vice President, ARC Advisory Group - Smart companies will invest in people, process and technologies to ensure the impacts of sophisticated attacks are minimised

New developments are also undermining the adequacy of current OT cybersecurity strategies. Increased remote access, particularly from personal devices, has expanded ways for attackers to compromise critical systems. Digital transformation has also weakened OT system defences through broad connectivity with cloud apps & external systems and through the introduction of potentially insecure, unmanageable IoT devices.

A more challenging threat environment is further pushing the limits of what is required to protect industrial systems. Nation-state attackers and cybercriminals are using sophisticated techniques and malware that overcome traditional defences. Industrial companies need active defence programs to stop sophisticated attackers before they impact operations and threaten worker safety.

The safety and operational risks of operating facilities with these kinds of cybersecurity gaps shouldn’t be accepted. Smart companies will invest in people, processes and technologies to ensure that defences are properly maintained, new developments are properly addressed and the impacts of sophisticated attacks are minimised.

IT/OT cybersecurity convergence addresses security gaps

While companies increasingly appreciate the serious gaps in conventional industrial cybersecurity programs, addressing these issues is challenging. The global shortage of cybersecurity professionals, particularly those with OT experience, makes it difficult to hire additional staff. Operating constraints limit the access that security teams need to keep defences updated. Emphasis on isolation as the primary defence constrains visibility of vulnerabilities and abnormal system behaviours.

An onslaught of new cybersecurity challenges also diverts everyone’s attention from existing problems. Today, security teams have to develop security strategies for cloud data-in-motion & at-rest, apps that are being moved to the cloud, remote access users and all their devices, the security of new IoT devices and embedded systems and provide secure environments for edge compute platforms. The fluidity of all the deployment options makes it impossible for companies to maintain security unless they have:

  • End-to-end security solutions that span every endpoint and communication pathway

  • Centralised management of consistent security policies

  • Zero trust security for every step of every system interaction

Though plants and facilities will struggle to make the needed investments in OT cybersecurity, most companies already have IT security teams to deal with these issues. Those that don’t will certainly need to make investments in IT security. Converging IT and OT cybersecurity programs provides a way to leverage these capabilities and investments to improve OT cybersecurity.

There will always be core OT-specific cybersecurity issues that require unique people, processes and technologies. But this doesn’t mean that they can’t be addressed as part of a converged cybersecurity program. Trying to maintain siloed IT and OT cybersecurity programs will only frustrate efforts to address existing & emerging security challenges and increase the risks of deploying new business strategies that integrate traditional IT & OT systems with cloud, IoT and mobile solutions.

Companies related to this article
Related articles