Incorporating OT for a holistic cybersecurity transformation
In the past, industrial systems were not considered to have high cyber-risk because they were isolated without connectivity to enterprise systems or the internet. They were also securely protected through obscurity and typically considered of low interest to cyber-attackers.
That reality simply doesn't exist anymore, and now industrial cyber-risk is much higher due to an increase in:
- Exposure and data sharing between IT and industrial systems
- Geopolitical tension, which has increased across the region since the pandemic
- Transition to cloud-based applications and analytics
- Sophistication of attacks and threat actors.
According to Gartner, “to reduce risk, security and risk management leaders should eliminate IT and OT silos by creating a single digital security and risk management function. This function should report into IT but should have responsibility for all IT and OT security.
As threats to OT systems in Asia intensify, there are several reasons to include OT in an enterprise-level security operations center (SOC). With a combined approach, companies can:
- Stop threats faster by identifying them in the earlier stages of the cyber-‘kill chain'. These threats often originate in IT systems.
- Enhance response times by breaking down silos and improving communication between IT and OT teams.
- Keep costs lower by introducing one comprehensive SOC instead of multiple disparate SOCs.
- Address the talent shortage through organizations leveraging their teams' strengths. For many organizations, it is easier to close the skills gap by training IT resources on OT sensitivities than training OT people on IT cybersecurity skills. At the beginning of 2019, it was estimated that the APAC region needed over two million extra cybersecurity workers to meet the skills gap.
The US Government has gone some way to addressing some of these points – through the Continuous Diagnostics and Mitigation (CDM) program, led by the Cybersecurity and Infrastructure Security Agency (CISA).
This program is both a resource from which organizations across Asia can learn, and an example of the type of formal institution that can be created to integrate OT into SOCs and broader cybersecurity initiatives.
Aside from implementing a continuous diagnostics and mitigation program (CDM) like in the US, there are several best practices organizations here can implement to better unify IT and OT. Here are some suggested programs to consider to prepare for a digital transformation:
- Compliance-led initiatives such as SIEM architecture and capacity review and regulatory and compliance alignment
- Assessments such as cyber-defence readiness, technical and executive tabletop exercises, and cyber-range or simulation exercises
- Cyber-intel driven planning such as cyber-threat intel capability uplift
- Cyber-response programs such as malware analysis training, OT skills uplift for IT cybersecurity teams, and IT cyber-knowledge sharing with the OT teams.
These activities can identify strengths and opportunities for improvement, and ultimately provide a clear roadmap on what each unit brings – or can bring – to provide a more resilient, cyber-secure organization.
Stay tuned for part three of this series.