The Importance of Cyber Resiliency in OT


The past few years have seen a rise in cyber-attacks that have underscored the elevated risk to operational technology (OT) and information technology (IT). In fact, in a Fortinet survey, 93% of OT organizations said they experienced an intrusion in the past year. This increase has brought a renewed focus on cyber resiliency, defined by The National Institute of Standards and Technology (NIST) as “The ability to anticipate, withstand, recover from and adapt to adverse conditions, stresses, attacks or compromises on systems that use or are enabled by cyber resources.”
 
In other words, it’s more than just a cybersecurity framework. It also entails the application of policies and regulations that provide people the control, visibility and situational awareness they need to act quickly while maintaining safety and reliability. And as the OT sector continues to be targeted by bad actors, putting a plan in place has taken on increased importance.


Creating cybersecurity resiliency in OT

OT has become a bigger target for cybercriminals as the convergence of IT/OT continues and bad actors recognize the value of these targets. The good news is that over the past three to five years, there’s been an increase in awareness and readiness–and the understanding of the need for a readiness plan. Boards are becoming involved in the conversation across industries – from pipelines and pharmaceuticals to transportation. And some companies even have a specialized employee who focuses solely on organizational readiness and resilience.
 
That said, there’s still room for improvement–and for those organizations that haven’t yet put plans and policies in place, cybersecurity resilience should be a key part of goals for the new year. 


Awareness, communication and inventory

An important piece of cyber resilience for OT is awareness. Leadership is gaining greater awareness of their manufacturing facilities and operations. Security has become part of every employee’s job. Companies need to partner with their operation centers so they can tell which threats are real and which aren’t.

Automation engineers are exceedingly talented and intelligent, yet operation centers rarely interact with them. To decide on the best course of action, communication between automation engineers and operators is essential. It mostly comes down to people, process, and technology, which are foundational. It requires the explanation and the comprehension of the issues being addressed, and the process must be fluid. An organization’s response plans will adjust as threats evolve.
 
This awareness begins with an inventory of an organization’s current assets. It’s impossible to know, for instance, what an organization’s inherited vulnerabilities are without visibility into its current assets. Complete visibility is the ideal when addressing emerging vulnerabilities. Architecture and engineering teams should communicate, leaders should be linked with security suppliers, and there must be alignment with the business and operations. When this is accomplished, an organization will have achieved forward momentum.
 

Resilience and business continuity

To achieve cyber resilience in relation to business continuity plans, start by partnering with the business. Organizational leaders must consider the potential effects on the business before deciding whether to take the risk. Then, returning to the principles of communication, it’s critical to ensure that internal teams—large or small—are operational. They all must be prepared.
 
Finally, after establishing a workflow, what’s needed is flexibility and the ability to change it as needed. The nature of the business requires leaders to be aware that dangers will evolve and arrive from sources for which an organization may not be prepared. Everyone must be willing to lend a hand to one another. 


Three steps

Some of the core things that OT leaders can implement to help with their cyber resiliency include:

Segmentation: This helps control OT/IT convergence as it grows incrementally. Segmentation separates a network into many smaller segments or subnets, each of which functions as a separate little network. This enables network managers to manage traffic between subnets according to detailed policies. Businesses can protect their most valuable industrial assets, such as human-machine interfaces (HMIs), supervisory control and data acquisition (SCADA) systems, and programmable logic controllers (PLCs) from unauthorized users by segmenting their networks. It is crucial to protect every location from intrusions since these assets are housed within an organization’s OT or industrial control system (ICS) settings.

Integration: It’s important to stay focused on a process to integrate disparate products into an integrated cybersecurity platform approach.

Implementation of zero trust: Zero trust access (ZTA) should be included in cyber plans for OT firms. Even if not every employee works remotely, ZTA offers cybersecurity advantages for the entire network and improves secure access in a strategic way.
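
The segmentation step above, combined with the asset inventory discussed earlier, can be verified against observed traffic with a default-deny check between segments. This is an added example, not code from the article or from Fortinet; the segment names, address ranges, allowed flows and sample flows are constructed assumptions.

```python
import ipaddress

# Constructed inventory: each segment is one subnet (illustrative ranges only).
SEGMENTS = {
    "it_corp":  ipaddress.ip_network("10.10.0.0/16"),
    "ot_dmz":   ipaddress.ip_network("10.20.0.0/24"),
    "ot_scada": ipaddress.ip_network("10.30.1.0/24"),  # SCADA servers and HMIs
    "ot_plc":   ipaddress.ip_network("10.30.2.0/24"),  # PLCs
}

# Default deny: only these (source segment, destination segment, port) are allowed.
ALLOWED = {
    ("it_corp", "ot_dmz", 443),    # IT reaches a jump host in the DMZ
    ("ot_dmz", "ot_scada", 443),   # DMZ reaches SCADA over HTTPS
    ("ot_scada", "ot_plc", 502),   # Modbus/TCP from SCADA to PLCs
}

def segment_of(ip):
    """Map an address to its segment, or None if it is not in the inventory."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None

def audit_flows(flows):
    """Return (flow, reason) for every flow that violates the segment policy."""
    findings = []
    for src, dst, port in flows:
        s, d = segment_of(src), segment_of(dst)
        if s is None or d is None:
            findings.append(((src, dst, port), "unknown asset"))
        elif s == d:
            continue  # intra-segment traffic is outside this check
        elif (s, d, port) not in ALLOWED:
            findings.append(((src, dst, port), f"{s} -> {d}:{port} not allowed"))
    return findings

# Constructed sample flows, e.g. as exported from a firewall or flow collector.
FLOWS = [
    ("10.10.5.20", "10.20.0.10", 443),   # IT to DMZ: allowed
    ("10.30.1.5", "10.30.2.17", 502),    # SCADA to PLC: allowed
    ("10.10.5.20", "10.30.2.17", 502),   # IT straight to a PLC: violation
    ("192.168.7.9", "10.30.1.5", 3389),  # source missing from inventory
]

if __name__ == "__main__":
    for flow, reason in audit_flows(FLOWS):
        print(flow, reason)
```

The "unknown asset" finding is the inventory gap the article warns about: a host that cannot be placed in a segment cannot be covered by any segment policy.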


Careful planning wins the day

Resilience has become such an important aspect of cybersecurity that the EU has recently introduced the Cyber Resilience Act, in which the EU will require digital organizations to have a minimum level of cybersecurity. For OT, cybersecurity resiliency is crucial as threats increase and the air gap disappears.
 
Companies need control, visibility, and situational awareness to act quickly but also stay safe and maintain a reliable network. Awareness of OT operations is vital, and it must be followed by effective communication among involved parties. Be sure to implement the three steps noted above for a well-rounded, full-bodied cyber resiliency strategy.

About The Author


Willi Nelson joined Fortinet as the CISO for Operational Technology in August 2022. He brings more than 25 years of experience in information security working across industry verticals such as healthcare, telecom, financials, manufacturing, and life sciences.

Most recently with GlaxoSmithKline (GSK), he established and directed the Global OT Infrastructure Security team charged with monitoring and protecting the OT assets for GSK. Globally, the team deployed 43 additional controls across the OT landscape assessed against NIST CSF and aligned business units to embrace a unified model for security, incident response, and risk reporting. During Willi’s tenure, he also oversaw the creation of the Security Organization and the Global Cyber Defense team for GSK’s Consumer Health startup (now called Haleon). Beyond building and leading the OT and Consumer Health security teams, he led the security team responsible for Cloud transformation for both IT and OT. Willi relies on a pragmatic and systematic approach to achieve company goals while also maturing the organizations and teams he leads.

Willi is a graduate of Rockhurst University in Kansas City, MO, USA and holds a CISSP (Certified Information Security Professional) certification in good standing. Willi lives in NW Arkansas with his family. He’s an avid outdoorsman, cyclist, woodworker and veteran.

