Gerd Altmann
Industryweek 36372 Binary 2170630 1920

Alliance Formed to Secure Operational Technology

Oct. 30, 2019
As information and operational technologies converge, vulnerabilities become crystal clear.

Recovering from a data breach is a time consuming, expensive and often embarrassing endeavor. And as companies are discovering, data breaches are no longer limited to information technology (IT).  The ongoing convergence of IT and operational technology (OT) networks is making OT increasingly vulnerable to cyber-attacks. In fact, 77 percent of OT organizations have reported a data breach in the last 12 months.

Threats to OT include the hardware and software dedicated to automating, monitoring and controlling physical devices such as key pieces of production equipment as well as motors, valves and pumps. When breaches occur, they can disrupt operations, negatively impact productivity, cause ecological damage and compromise human safety. 

In response to the escalating nature of these threats, 12 of today’s top tech leaders recently launched the Operational Technology Cyber Security Alliance (OTCSA). The founding members include ABB, Check Point Software, BlackBerry Cylance, Forescout, Fortinet, Microsoft, Mocana, NCC Group, Qualys, SCADAFence, Splunk and Wärtsilä. The OTCSA is the first industry group dedicated to providing OT operators with resources, guidance and solutions to mitigate their cyber risk and provide protection for when an attack happens.

The OTCSA mission is five-fold:

  • Strengthen cyber-physical risk posture of OT environments and interfaces for OT/IT interconnectivity;
  • Guide OT operators on how to protect their OT infrastructure based on a risk management process and reference architectures/designs which are demonstrably compliant with regulations and international standards, such as IEC 62443, NERC CIP and NIST 800-53;
  • Guide OT suppliers on secure OT system architectures, relevant interfaces and security functionalities;   
  • Support the procurement, development, installation, operation, maintenance and implementation of a safer, more secure critical infrastructure; and
  • Accelerate the time to adopt safer, more secure critical infrastructures.

    According to Phil Quade, CISO at Fortinet, the OTCSA will help critical infrastructure and industrial automation companies safely and reliably use OT that are rapidly being connected to traditional IT, since such connections have the potential to deliver both great efficiencies and significant risk. 

    “OTCSA is focused on fostering meaningful and action-oriented collaboration with a group of stakeholders who share a common vision. They consist of IT and OT companies, vendors, operators, and thought leaders to develop and promote secure architectural, implementation, and process guidelines,” says Quade. “A key focus of the mission is to help the OT industry develop and navigate cybersecurity changes, upgrades, and integrations to meet evolving industry standards and regulations. This is extremely timely and important because of the complexity and urgency in securing OT environments today as digital convergence becomes more pervasive between OT and IT and cyber adversaries of many types increasingly target these environments.”

    OTCSA's work is fundamental to maintaining economic competitiveness, national or personal security and public safety. Because of the group's collaborative and educational approach it is unique in both its mission and its model – to help one another understand the growing OT security risks and take the strongest, most effective action against them.

    Impact on manufacturing

    Quade tells IndustryWeek that the IT/OT convergence’s impact on manufacturing brought about the need for OTCSA. “In this century, we’re facing a change in manufacturing that’s as substantial as early last century’s changes in automotive manufacturing,” he says.  “A hundred years ago, workers and industrial machines integrated into assembly lines to realize significant new efficiencies.  Today, manufacturing plant’s OT, which monitors factory plants & robots, will be substantially integrated with IT to do the same.” 

    Digital transformation is impacting the security of OT environments – even manufacturing. These systems are built upon OT assets that can range into millions of dollars. A system crash on a manufacturing floor can halt production for a long period of time and potentially ruin expensive and important materials, explains Quade.

    “Since the primary goals of in an industrial environment are the safety of employees and operations as well as production timeliness – its connected devices, applications, and operating systems are not easily updated,” says Quade. “This collective brainpower, knowledge, and guidance can help OT leaders figure out the most impactful steppingstones to bridge the security challenges they face. With these foundational elements in place, organizations can continue to build a resilient and scalable security strategy that can grow and adapt as their OT environment continues to evolve without sacrificing productivity or safety.

    Sponsored Recommendations

    Voice your opinion!

    To join the conversation, and become an exclusive member of IndustryWeek, create an account today!