Frost & Sullivan and Applied Risk, a DNV company, have joined forces to publish a new whitepaper outlining practical steps for designing, implementing, and maintaining sustainable operational technology (OT) cyber security programmes.

Securing OT, the control systems that manage, monitor, automate and control industrial operations, is a growing challenge for companies with industrial operations, the writers state.

As OT becomes more connected and networked to IT environments, cyber criminals are increasingly gaining access to, and control of, industrial infrastructure.

OT-reliant sectors, including energy, manufacturing, healthcare, and transportation, now appear within the top ten most-attacked industries. The risk of production shutdowns, safety incidents, process disturbance and other service disruptions is consequently growing.

The whitepaper, titled A Blueprint for Building Sustainable Operational Technology Cyber Security Programmes, addresses common concerns facing OT security decision-makers as they invest in protecting their organisations against emergent risks.

These include:

• 40% of OT security decision-makers worry about the potential security risks of IT and OT system integration in their organisation
• 37% say their organisation lacks the expertise needed to develop and maintain a sustainable OT security programme
• 26% believe that their organisation's decision-making structure is so complex that it paralyses the OT security planning process

The whitepaper provides accessible advice for overcoming hurdles in designing, building and operating OT security programmes.

Frost & Sullivan’s team of analysts partnered with industrial cyber security experts at Applied Risk to describe useful actions that should be taken at every stage of a programmes lifecycle, from setting goals and responsibilities to determining vulnerabilities, selecting countermeasures and governance systems, implementing controls, and embedding assurance schemes.

The whitepaper also includes a checklist of to-dos to help cybersecurity, engineering, and management teams avoid pitfalls along the way.

Jalal Bouhdada, Founder of Applied Risk and Global Cyber Security Segment Director at DNV, says, “The industrial sector cannot excel in its digitalisation and automation efforts without robust cyber security measures in place.

"At a time of increasing geopolitical tension and tightening regulatory requirements, OT security leaders are under greater pressure to demonstrate that their organisation can manage the risks emerging from an increasingly complex cyber threat landscape.

"But there is relatively little best practice available on how to build sustainable OT security programmes. The white paper that we have published with Frost & Sullivan aims to provide OT security leaders in need with a framework for success.”

Danielle Van Zandt, Industry Manager, Commercial and Public Security at Frost & Sullivan, says, “A Blueprint for Building Sustainable Operational Technology Cyber Security Programmes addresses the multiple ingredients needed for OT security programmes to have long-term impact.

"The whitepaper gives clear advice on the process and technology considerations that must be made, and it shines a light on the importance of people. We outline the stakeholders who must commit to the programme, the culture that must be realised, and the internal and external skill sets that are needed for its success.”