Essential OT: Monitoring and Detection Is a Necessity

For anyone still contemplating whether an attack will occur rather than when, consider a point made in a recent Forbes article: cyber sabotage against critical infrastructure and functions has been increasing for a decade. Hackers always look for the weakest point, which gives a wide range of targets for disrupting, taking, or denying aspects of the power or energy system.

Energy production and transport companies, such as liquid natural gas (LNG), power utilities, ports and pipelines, are often targeted by nation-states because of the utilities’ importance to national security. Cyber-attackers constantly develop and execute focused campaigns to disrupt, degrade, or destroy critical functions. The result could be targeted, sophisticated sabotage or collateral damage from ransomware or malware. The weaponizing of operational technology (OT) will only accelerate and broaden, as hackers are shifting their focus from information technology (IT) to OT environments.

This shift signifies a transition from primarily data protection to far more consequential areas, such as power generation at utility plants, safety instrumentation systems for protecting workers and organizations’ overarching critical functions.

This trend means that OT network and communications monitoring is no longer a nice-to-have. Instead, it has become an essential tool in asset owners’ cyber posture. A monitoring capability that is designed, implemented, and tuned well has more to offer than simply monitoring against cyberattacks, as certain solutions can uncover other risks and inefficiencies that could impact worker safety and business continuity, in addition to compliance with regulatory and/or corporate policies. The goal is to minimize the risk of disruption by improving efficiency, reducing costs, and streamlining operations to maximize profitability.

The OT cyber community has a huge dilemma. The probability, impact and frequency of OT-focused attacks have ramped up significantly, yet the industry is still dealing with an estimated 3-million-person shortage of cybersecurity talent. The talent gap is worse in the OT world due to additional systems knowledge requirements, cybersecurity standards, and the like. Asset owners urgently need monitoring and detection but lack resources to implement them effectively. They are beginning to turn to solutions and service providers, which have not been able to operate well within OT environments in the past. A new variety of OT-focused service provider must emerge to help asset owners improve mean time to detection and time to respond, two of the more important metrics for identifying and dealing with incidents that could negatively impact system reliability and resiliency.

This feature originally appeared in Bill Lydon's 7th Annual Industrial Automation & Control Trends Report.

About The Author

Matt Morris is a managing director at 1898 & Co., part of Burns & McDonnell, where he leads the consultancy’s security, risk, and critical infrastructure cybersecurity practices.
