The Importance of Cyber Resilience in OT

The past few years have seen an increase in cyberattacks that has underscored the high risk to both operational technology (OT) and information technology (IT). In a Fortinet survey, 93% of OT organizations said they had experienced a breach in the past year. This increase has renewed attention on cyber resilience, which the National Institute of Standards and Technology (NIST) defines in SP 800-160 Vol. 2 as “the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.”

In other words, cyber resilience is more than a cybersecurity framework. It also means enforcing the policies and regulations that give people the control, visibility and situational awareness they need to act quickly while maintaining safety and reliability. And as the OT sector continues to be targeted by bad actors, having a plan in place has become more important than ever.

Building Cybersecurity Resilience in OT

OT has become a more prominent target for cybercriminals as IT/OT convergence continues and malicious actors recognize the value of these targets. The good news is that over the past three to five years there has been an increase in awareness and preparedness, as well as an understanding of the need for a preparedness plan. Boards engage in the conversation across industries – from pipelines and pharmaceuticals to transportation. And some companies even have a specialist employee who focuses solely on organizational readiness and resilience.

That said, there is still room for improvement, and for organizations that do not yet have plans and policies in place, cyber resilience should be a key goal for the new year.

Awareness, communication and inventory

Awareness is an important part of cyber resilience for OT. Management is becoming more aware of what actually runs in its manufacturing facilities and operations, and safety is now part of every employee’s job. Businesses need to partner with their security operations centers to determine which threats are real and which are not.

Automation engineers are extremely talented and intelligent, but operations centers rarely interact with them. Deciding on the best course of action requires communication between automation engineers and operators; in the end it comes down to people, process and technology. The issues being addressed must be explained and understood on both sides, and the process must stay fluid, because an organization’s response plans will change as threats evolve.

This awareness begins with an inventory of the organization’s current assets. It is impossible to know, for example, which legacy vulnerabilities an organization carries without knowing which assets it actually has, and complete visibility is what makes it possible to resolve emerging vulnerabilities. Architecture and engineering teams need to communicate, leaders need to be connected to their security vendors, and all of this must be aligned with the business and with operations. Once that is in place, the organization has forward momentum.

Resilience and business continuity

To align cyber resilience with business continuity plans, start by partnering with the business. The organization’s leaders must weigh the potential effects on the business before deciding to accept a risk. Then, returning to the principle of communication, make sure that internal teams, large or small, are operational. They must all be prepared.

Finally, once a workflow is established, what is needed is flexibility and the ability to modify it as circumstances change. Leaders must expect that dangers will evolve and come from sources for which the organization may not be prepared, and everyone must be ready to work together.

Three steps

Some of the basic things OT leaders can implement to help with their cyber resilience include:

Segmentation: This helps control IT/OT convergence as it grows. Segmentation divides a network into several smaller segments or subnets, each functioning as a separate small network, so that network managers can control traffic between subnets according to detailed policies. By segmenting their networks, companies can protect their most valuable industrial assets, such as human-machine interfaces (HMIs), supervisory control and data acquisition (SCADA) systems and programmable logic controllers (PLCs), from unauthorized users. Because these assets live inside an organization’s OT or industrial control system (ICS) environment, protecting every location from intrusion is crucial.
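As an added example (not code from the original article or from Fortinet), the following script shows what “managing traffic between subnets according to detailed policies” looks like in practice: zones are defined as subnets, permitted conduits between zones are listed explicitly, and everything else is denied. The zone ranges, the allow-rules and the sample flow records are all assumptions constructed for illustration; the idea is that you could export real firewall or NetFlow records and run them through the same check to find traffic that crosses a zone boundary without an approved conduit.

```python
"""Added example: a minimal IT/OT segmentation policy check.

Zones and conduit rules are assumptions chosen to illustrate a
Purdue-style split; the sample flows are constructed, not real traffic.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed zones: each subnet behaves as its own small network.
ZONES = {
    "it_enterprise":  ipaddress.ip_network("10.0.0.0/16"),      # office IT
    "ot_dmz":         ipaddress.ip_network("10.10.0.0/24"),     # historian, jump host
    "ot_supervisory": ipaddress.ip_network("192.168.10.0/24"),  # HMIs, SCADA servers
    "ot_control":     ipaddress.ip_network("192.168.20.0/24"),  # PLCs
}

# Assumed conduit policy: (src_zone, dst_zone, proto, dst_port).
# Anything not listed is denied, so the control zone is reachable
# only from the supervisory zone, and IT never talks to OT directly.
ALLOW = {
    ("ot_supervisory", "ot_control", "tcp", 502),    # Modbus/TCP, HMI -> PLC
    ("ot_supervisory", "ot_control", "tcp", 44818),  # EtherNet/IP, HMI -> PLC
    ("ot_dmz", "ot_supervisory", "tcp", 4840),       # OPC UA, historian -> SCADA
    ("it_enterprise", "ot_dmz", "tcp", 443),         # HTTPS, IT -> DMZ only
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def zone_of(ip: str) -> Optional[str]:
    """Map an address to the zone whose subnet contains it, or None."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def evaluate(flow: Flow) -> Tuple[str, str]:
    """Return ("allow" | "deny", reason) for a single flow."""
    src_zone, dst_zone = zone_of(flow.src), zone_of(flow.dst)
    if src_zone is None or dst_zone is None:
        return "deny", "unknown zone"
    if src_zone == dst_zone:
        # Simplification: traffic that stays inside one zone is allowed.
        return "allow", "intra-zone"
    if (src_zone, dst_zone, flow.proto.lower(), flow.dport) in ALLOW:
        return "allow", f"conduit {src_zone}->{dst_zone}"
    return "deny", f"no conduit {src_zone}->{dst_zone} {flow.proto}/{flow.dport}"


def violations(flows: List[Flow]) -> List[Flow]:
    """Flows that cross a zone boundary without a matching conduit rule."""
    return [f for f in flows if evaluate(f)[0] == "deny"]


# Constructed sample flows, e.g. as exported from a firewall log.
SAMPLE_FLOWS = [
    Flow("192.168.10.5", "192.168.20.7", "tcp", 502),   # HMI -> PLC Modbus: allowed
    Flow("10.0.4.23",    "192.168.20.7", "tcp", 502),   # IT workstation -> PLC: violation
    Flow("10.10.0.2",    "192.168.10.5", "tcp", 4840),  # historian -> SCADA OPC UA: allowed
    Flow("10.0.4.23",    "192.168.10.5", "tcp", 3389),  # IT -> HMI RDP: violation
    Flow("192.168.20.7", "10.0.4.23",    "tcp", 443),   # PLC -> IT outbound: violation
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        verdict, why = evaluate(f)
        print(f"{verdict:5} {f.src} -> {f.dst} {f.proto}/{f.dport}: {why}")
```

The intra-zone allow is a deliberate simplification; a real policy would also restrict traffic within the control zone. The direction of the conduits matters: a PLC initiating a connection outbound to the IT network is flagged even over HTTPS, because no rule permits OT-originated traffic towards IT.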

Integration: Stay focused on integrating disparate products into a unified cybersecurity platform rather than managing a collection of point products.

Setting up zero trust: Zero Trust Access (ZTA) should be part of every OT company’s cyber plan. Even though not all employees work remotely, ZTA provides network-wide benefits by verifying every user and device before granting access, and it strategically enhances secure access.

Careful planning wins the day

Resilience has become such an important aspect of cybersecurity that the EU recently proposed the Cyber Resilience Act, which will require products with digital elements sold in the EU to meet minimum cybersecurity requirements. For OT, cyber resilience is crucial as threats increase and the air gap disappears.

Businesses need control, visibility and situational awareness to act quickly while staying safe and keeping the network reliable. Awareness of OT operations is essential and must be followed by effective communication between the parties involved. Implementing the three steps above is the foundation of a complete cyber resilience strategy.

About the Author

Willi Nelson joined Fortinet as CISO for Operational Technology in August 2022. He brings over 25 years of information security experience in verticals such as healthcare, telecommunications, finance, manufacturing and life sciences.

Most recently, at GlaxoSmithKline (GSK), he created and led the Global OT Infrastructure Security team responsible for monitoring and protecting GSK’s OT assets. Globally, the team deployed 43 additional controls across the OT landscape assessed against the NIST CSF and aligned business units to adopt a unified security, incident response, and risk reporting model. During Willi’s tenure, he also oversaw the creation of the security organization and global cyber defense team for GSK’s Consumer Health startup (now called Haleon). Beyond building and leading the OT and Consumer Health security teams, he led the security team responsible for cloud transformation for IT and OT. Willi relies on a pragmatic and systematic approach to achieving business objectives while maturing the organizations and teams he leads.

Willi is a graduate of Rockhurst University in Kansas City, MO, USA and holds a Certified Information Systems Security Professional (CISSP) certification in good standing. Willi lives in northwest Arkansas with his family. He is an outdoor enthusiast, cyclist, carpenter and veteran.
