Industry’s Media Platform of Choice
Champion Your Brand in Front of Decision Makers and Extend Your Reach Get Featured in the SPOTLIGHT
Industry’s Media Platform of Choice
Champion Your Brand in Front of Decision Makers and Extend Your Reach Get Featured in the SPOTLIGHT
A recent survey finds a troubling number of OT security breaches as manufacturers move toward IT-OT convergence.
There has been a strong drive within organizations to commit greater resources to OT security budgets this year.
By Rick Peters, CISO, Operational Technology, North America, Fortinet
The Industrial Internet of Things (IIoT) enables real-time decision making and significant cost savings, especially with respect to resource consumption and employee efficiency. Despite these benefits, however, organizations must also understand the potential security risks they are facing as IT and Operational Technology (OT) departments and their respective support systems converge. Absent an effective OT security plan, the enterprise infrastructure, to include ICS/SCADA systems are left vulnerable to cyberattacks that could result in financial loss, reputational damage, diminished consumer confidence, and threaten the safety of citizens – and in the case of critical infrastructure, even place national security at risk.
It’s difficult to overemphasize the need to protect the OT networks of enterprisesand their integrated ICS/SCADA systems. In fact, the cyber physical plant in its entirety represents an enormous investment and clearly warrants proportional proactive security consideration. There’s an absolute dependence on safe and sustained operations that span everything from manufacturing to utilities to transportation infrastructure – many of these OT verticals comprise and deliver a range of services that citizens around the globe depend on daily. This risk raises a significant number of cybersecurity concerns as these historically air-gapped systems are now exposed to cyber risks and a considerably broader attack surface.
New research from Fortinet and Forrester surveyed industry leaders who manage and maintain OT infrastructure to gain better insight into security trends and practices affecting their operations.
Here are three of the most significant findings:
The proliferation of OT security breaches is worrisome. While only 10% of the study’s respondents reported that they have never experienced this type of threat, more than half – 58% – said they’d had a breach in the past 12 months. This is attributable toOT systems becoming an high value target of interest for cyberattacks. It is no surprise, then, that there has been a strong drive within organizations to commit greater resources to security – with 78% planning to increase their OT security budgets this year.
In the past, OT systems preferred an “air gap” to achieve security since they functioned as whole independent and isolated networks. This was in part due to the fact that they were built on legacy software, with hardware and life cycles measured in decades. Naturally, one significant takeaway from the shift to converge IT and OT networks is the increased risk that IT networks can pose to these previously isolated environments. Another is the risks introduced through the expansion of the potential attack surface. Indeed, the pursuit of operational efficiency through IT/OT convergence and broader connectivity promoted the exposure of OT networks to more traditional IT threats.
The recent survey also found that organizational leaders are concerned about the complex nature of converged IT/OT systems. Almost all respondents (96%) foresee challenges as they move toward convergence, resulting in deliberate, careful movements that center on concerns around about security. Among respondents, more than one-third reported worrying about the following OT security challenges:
Increased regulatory pressures for ICS/SCADA have also become a growing concern for those managing OT systems. Seven in ten report mounting compliance pressures over the past year. The regulations with the most significant impact are the Federal Information Security Management Act (FISMA), the EU Data Protection Directive (GDPR), and International Society (ISA) Standards.
Exposing proprietary OT infrastructure to business partners constitutes an additional source of risk and concern. Granting appropriate privileged access to appropriate personnel is critically important, especially when those outside the organization require access to internally controlled resources. Those organizations that were most successful with securing their environments were also 129% more likely to severely limit or even deny access to their business partners.
Along similar lines, OT organizations with the fewest breaches also closely governed access to IT providers, granting only moderate access. Finally, these top-tier organizations were 45% more likely to execute vital security functions in-house as opposed to outsourcing such responsibility. Conversely, they were more likely to have outsourced network analysis and visibility.
Indeed, partner relationships are in many instances important, and on occasion even essential. However, a careful approach to granting appropriate access, making the best outsourcing decisions, and identifying situationally ready partners are vital to securing OT systems amid digital transformation.
Those responsible for managing and maintaining critical infrastructure have a complex role to play due to IT/OT convergence. With diminished reliance on the air gap, and an expanding threat landscape, new challenges will necessarily lead to new security priorities. Organizations engaged in digital transformation will need to pay greater attention to the latest cybersecurity trends and make intelligent security investment decisions to ensure a secure migration to this new converged IT/OT business model.
Rick Peters
About the author
Rick Peters is the CISO for Operational Technology, North America for Fortinet Inc., delivering cybersecurity defense solutions and insights for the OT/ICS/SCADA critical infrastructure environments. He is charged with overseeing growth of Fortinet’s penetration into the largest global OT marketspace. That charge entails identifying and partnering to gain traction on existing OT business campaigns as well as targeting emerging customer opportunities.
Made To Stay: Attracting Gen Z Into Manufacturing
A childhood in Kansas, college in California where she met her early mentor, Leigh Lytle spent 15 years in the Federal Reserve Banking System and is now the 1st woman President & CEO of the Equipment Leasing & Finance Association. Join us to hear about her ambition to be a great leader.
Get In Touch
Google news and SEO compliant, Industry Today’s state-of-the-art digital media platform offers bespoke media campaigns that target key decision makers and buyers to achieve your marketing and promotional goals.
Contribute
Showcase your brand and promote your business to our highly targeted audience. We offer detailed Google Analytics with measurable ROI to assure success. Submit your content for review by our Editorial team who will contact you to discuss the project further.
About Us
Reach Your Targeted Audience and Grow Your Business. Learn more About Industry Today.
Contact Us
© 2024 Industry today. All Rights reserved.
