Securing OT — the control systems that manage, monitor, automate and control industrial operations — is a growing challenge for companies with industrial operations. As OT becomes more connected and networked to IT environments, cyber criminals are increasingly gaining access to, and control of, industrial infrastructure. OT-reliant sectors, including energy, manufacturing, healthcare, and transportation, now appear within the top ten most-attacked industries. The risk of production shutdowns, safety incidents, process disturbance and other service disruptions is consequently growing.
A new report from Frost & Sullivan and Applied Risk, a DNV company (“A Blueprint for Building Sustainable Operational Technology Cyber Security Programmes”) addresses common concerns facing OT security decision-makers as they invest in protecting their organizations against emergent risks. These concerns include:
- 40% of OT security decision-makers worry about the potential security risks of IT and OT system integration in their organization;
- 37% say their organization lacks the expertise needed to develop and maintain a sustainable OT security program; and
- 26% believe that their organization’s decision-making structure is so complex that it paralyses the OT security planning process.
The report outlines actions that should be taken at every stage of a program’s lifecycle, from setting goals and responsibilities to determining vulnerabilities, selecting countermeasures and governance systems, implementing controls, and embedding assurance schemes. It also includes a checklist of ‘to-dos’ to help cyber security, engineering, and management teams avoid pitfalls along the way.
“The industrial sector cannot excel in its digitalization and automation efforts without robust cyber security measures in place. At a time of increasing geopolitical tension and tightening regulatory requirements, OT security leaders are under greater pressure to demonstrate that their organization can manage the risks emerging from an increasingly complex cyber threat landscape. But there is relatively little best practice available on how to build sustainable OT security programs. The paper that we have published with Frost & Sullivan aims to provide OT security leaders in need with a framework for success,” said Jalal Bouhdada, Founder of Applied Risk and Global Cyber Security Segment Director at DNV.
“This report addresses the multiple ingredients needed for OT security programs to have long-term impact. The white paper gives clear advice on the process and technology considerations that must be made, and it shines a light on the importance of people. We outline the stakeholders who must commit to the program, the culture that must be realized, and the internal and external skillsets that are needed for its success,” said Danielle VanZandt, Industry Manager—Commercial & Public Security at Frost & Sullivan.