What is the value in securing an organisation's operational technology (OT)?
The ideal, resilient critical operational environment balances uptime, safety, data loss prevention & security in the face of cyber attacks.
Digitalisation in the industrial sector is transforming operational effectiveness and its risk landscape. Operators need to strengthen their OT security capabilities to enhance resilience. Through a programmatic approach, deploying robust OT security in their ecosystem can protect their assets and data and prevent escalating crises.
Aligning OT security with IT security
Achieving OT security requires not just deploying technologies but also aligning teams and processes. Differing priorities between OT and IT security are common, and new stakeholders from Operations and Engineering change the traditional ‘Enterprise’ security agenda. Meanwhile, IT teams must also adopt operationally-hardened procedures in industrial environments.
Business leadership and co-ownership are essential to define outcomes, risk appetite, timeline & budgets
OT/IT convergence requires visibility of assets & adjusting security measures, along with a strong and aligned operating model
Ecosystem security (including third parties in your supply chain) is the ultimate goal
OT security is a journey, rarely a stand-alone project
Preconditions to success include a solid blueprint & programme parameters enabled by fit-for-purpose governance
Best-practice OT security programme
OT security implementation directly depends on:
1.
The solidity of joint governance over assets and data
2.
The understanding - ideally, quantified - of risk and risk appetite
3.
A target state (baseline, blueprint, to-be architecture, etc.) as appropriate
4.
A roadmap with business and technology milestones towards outcome
A closer look at the OT security blueprint
An OT security blueprint should be modular and reflect successive iterations as an organisation completes it. The blueprint indicates an organisational starting point and targets over time: the resilience agenda and landscape resulting from a merger differs from a mature global supply & manufacturing centre.
How can ISTARI help?
Increased Collaboration
Create visibility across OT/IT assets & network flows
Risk Threshold Assessment
Update baseline of threats to assure accurate risk posture, control gaps & quantify cyber risk - extending this to key supply chain participants over time
Programme Design & Execution
Orchestrate & run an accelerated global program to address prioritised gaps
Ongoing Monitoring
Continuously monitor OT environment & improve resilience
Crisis Intervention
Contain, respond to & resolve the crisis in the event of an OT environment breach
Role Assignments
Help to establish clear responsibilities & accountability