Operational Technology Security Takes Center Stage Through Public-Private Programs Cal Harrison • September 16, 2022 IT and OT: A tale of two technologies under fire
The vulnerabilities of OT systems have been known and ignored for years, but that’s starting to change. A series of breaches affecting U.S. critical infrastructure, an increasingly hostile threat environment and government programs to promote information sharing, training and cyber grant funding could finally put IT and OT security on equal ground.
The warning signs are everywhere. The recent Ponemon Institute Cost of a Data Breach Report found that the largest volume of ransomware attacks in 2021 targeted manufacturers – surpassing the banking sector. A 2022 Rockwell Automation-sponsored survey of critical infrastructure firms showed that 73% of respondents had been attacked in the past year – and 66% had inadequate patching programs in place.
In the face of high-profile breaches of water systems and fuel supplies, President Joe Biden issued a memorandum in 2021 calling for the Department of Homeland Security to establish cybersecurity performance goals for the 16 critical infrastructure sectors. The Cybersecurity and Infrastructure Security Agency is charged with rolling out the guidelines for public and private entities with OT systems – ranging from small community water systems to global defense manufacturers.
While CISA is months behind the deadline to roll out sector-specific performance goals, the agency this week outlined plans to streamline information sharing, provide cyber grants to small and midsized organizations and support training and research – helping to finally give equal footing to IT and OT security.
In this video with Information Security, experts and regulators discuss:
- The state of OT device security and inherent and external supply chain issues;
- Public and private efforts to formalize security practices, tools and intelligence to support critical infrastructure security;
- Key strategies for better collaboration and adoption.