
Incorporating OT for a holistic cybersecurity transformation

11 Dec 2020

Article by Nozomi Networks cybersecurity strategist and regional sales director APAC, Vincent Liu.
 

This article is the second of a three-part series on the operational technology (OT) digital transformation journey for Asian organizations (see here for parts one and three).

In the past, industrial systems were not considered to have high cyber-risk because they were isolated, without connectivity to enterprise systems or the internet. They were also protected through obscurity and typically considered of low interest to cyber-attackers.

That reality simply doesn’t exist anymore, and now industrial cyber-risk is much higher due to an increase in:

  • Exposure and data sharing between IT and industrial systems
  • Geopolitical tension, which has increased across the region since the pandemic
  • Transition to cloud-based applications and analytics
  • Sophistication of attacks and threat actors.

According to Gartner, “to reduce risk, security and risk management leaders should eliminate IT and OT silos by creating a single digital security and risk management function. This function should report into IT but should have responsibility for all IT and OT security.”

As threats to OT systems in Asia intensify, there are several reasons to include OT in an enterprise-level security operations center (SOC). With a combined approach, companies can:

  • Stop threats faster by identifying them in the earlier stages of the cyber-‘kill chain’. These threats often originate in IT systems.
  • Enhance response times by breaking down silos and improving communication between IT and OT teams.
  • Keep costs lower by introducing one comprehensive SOC instead of multiple disparate SOCs.
  • Address the talent shortage by leveraging their teams’ strengths. For many organizations, it is easier to close the skills gap by training IT resources on OT sensitivities than by training OT people on IT cybersecurity skills. At the beginning of 2019, it was estimated that the APAC region needed over two million extra cybersecurity workers to meet the skills gap.

The US Government has gone some way to addressing some of these points – through the Continuous Diagnostics and Mitigation (CDM) program, led by the Cybersecurity and Infrastructure Security Agency (CISA).

This program is both a resource from which organizations across Asia can learn, and an example of the type of formal institution that can be created to integrate OT into SOCs and broader cybersecurity initiatives.

Aside from implementing a continuous diagnostics and mitigation program (CDM) like in the US, there are several best practices organizations here can implement to better unify IT and OT. Here are some suggested programs to consider to prepare for a digital transformation:

  1. Compliance-led initiatives, such as SIEM architecture and capacity review, and regulatory and compliance alignment
  2. Assessments such as cyber-defence readiness, technical and executive tabletop exercises, and cyber-range or simulation exercises
  3. Cyber-intel driven planning such as cyber-threat intel capability uplift
  4. Cyber-response programs such as malware analysis training, OT skills uplift for IT cybersecurity teams, and IT cyber-knowledge sharing with the OT teams.

These activities can identify strengths and opportunities for improvement, and ultimately provide a clear roadmap on what each unit brings – or can bring – to provide a more resilient, cyber-secure organization.

Stay tuned for part three of this series.
