Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Cyber-Physical Security: Benchmarking to Advance Your Journey

Operational resilience is a priority and organizations are decisive about protecting cyber-physical systems (CPS) in today’s consolidated and converged reality

Operational resilience is a priority and organizations are decisive about protecting cyber-physical systems (CPS) in today’s consolidated and converged reality

Over the last few years, the pandemic, rapid growth in several sectors and geographies, and the work from home paradigm shift have significantly accelerated the convergence of IT and operational technology (OT) networks and necessitated a consolidated strategy to address cyber risks across cyber-physical systems (CPS). Companies began to rise to the challenge and streamlined their IT and cybersecurity strategies to reflect this reality. This meant: 

• Bringing OT and IT experts together to define a consolidated strategy 

• Looking for efficiency and cost optimizations across the cybersecurity product stack that can address both fields 

• Mapping their progress against an industry-defined and tested framework, to understand where they stand versus the competition and communicate risk and opportunities to the board 

Cybersecurity, especially for CPS, evolved from being a cost factor, to an enabler for digital transformation, to a differentiating advantage for companies that truly excel at it. 

Today, our physical world is very dependent on its digital components as we strive for greater efficiency, automation, and cost and time savings by leveraging the power of AI and insights from data analytics. These advancements all require CPS interconnectivity so we can share data and take advantage of simplified and more efficient workflows.

As a result, every company is on a journey to better and more efficient protection of CPS. The most successful companies do a great job of understanding where they are on the journey and how to structure their next steps. One framework I find especially useful towards this goal is the Gartner OT/CPS Security Journey.

Advertisement. Scroll to continue reading.

In my discussions with CISOs and security leaders, the framework is very helpful in: 

• Benchmarking against peers, competitors, and the industry as a whole 

• Highlighting the risk to the organization relative to the market, which is important in communicating risk to the board 

• Explaining the need for investment in CPS security and the priorities 

OT & IOT Journey for Cyber Physical Systems

The Gartner OT/CPS Security Journey has six phases. Below are some of my key learnings, recommendations, and best practices to help you benchmark with your peers and further your journey. 

1. Awareness. Whether prompted by a breach, the pandemic, or geopolitical conflict, organizations are being forced to re-prioritize a combined IT/OT security strategy, which usually reveals challenges in IT and OT teams working together. It’s the “storming” stage all teams must go through as they understand more deeply the unique CPS cybersecurity requirements and bring together the necessary expertise. 

2. Outreach / Asset Discovery / Network Topology Mapping. Before applying any security measures, the teams need to understand what they have, how it’s connected, and the security posture of those devices. In this stage the teams learn more about their current vendor capabilities and start to form a strategy to define consolidated governance across IT and OT networks. Collaboration between the teams typically improves as they are working on concrete challenges together and seeing progress. 

3. The “Oh Wow!” Moment. The name for this phase is spot on. Expect the unexpected in an environment that has been largely unseen, unmanaged, and increasingly interconnected in the last couple of decades. Suddenly, teams are discovering unmanaged assets everywhere, connectivity that shouldn’t be there, and many vulnerabilities across devices—most of which are unpatchable. Many security challenges are unearthed, but at least teams have visibility into those now. 

4. Firefighting. With so much to do based on the findings of the previous stage, it’s easy to be overwhelmed. This stage is a tipping point where the best organizations go through a process to prioritize efforts, not just throw resources at the findings. Having a clear definition of business objectives is imperative, as this phase is not only about closing security risks, but also about taking advantage of the advances in technology and connectivity so that CPS interconnectivity serves the larger digitalization and cost optimization priorities of the company. This is where great companies excel in showing how cybersecurity can be a competitive advantage. 

5. Integration. This phase requires the most work, as implementation takes time and thoughtful allocation of resources. Leveraging platforms that lean into integration helps greatly reduce implementation effort and cost. At this point the organization is also aligned, centralizing responsibility and accountability for securing the OT network with the CSO or CISO for consolidated governance and continuity of monitoring and reporting. This holistic process across IT and OT is the foundation upon which teams can build optimizations. 

6. Optimization. Beyond reducing risk and increasing operational efficiency, this is the stage in which organizations start to realize the power of the data and analytics they can gather from the integrated environment. Teams have an opportunity to discover even more ways in which to improve the business. Although it’s hard to get here, I’ve personally seen a number of organizations reach this point and it’s very fulfilling to be able to demonstrate all the ways in which digitalization and CPS convergence can help drive business outcomes.  

The last two years have underscored that OT networks are critical to operations, and therefore extremely valuable. Revenue is generated and customers’ lives are improved when OT networks are up and running. However, a surge in attacks on these systems have demonstrated how vulnerable they are. Fortunately, operational resilience is now a priority and organizations are decisive about taking the right next steps to protect these systems more effectively in today’s consolidated and converged reality. 

ReadOT Data Stolen by Ransomware Gangs Can Facilitate Cyber-Physical Attacks

Read: Cyberphysical Security: The Next Frontier

Written By

Galina Antova is the Co-founder and Chief Business Development Officer at Claroty. Prior to that, she was the Global Head of Industrial Security Services at Siemens, overseeing development of its services that protect industrial customers against cyber-attacks. She was also responsible for leading its Cyber Security Practice and Cyber Security Operations Center, which provided managed security services for industrial control systems operators. Previously, Ms. Antova was with IBM Canada, with roles in the Provisioning and Cloud Solutions business. She holds a BS in Computer Science from York University in Toronto, and an MBA from the International Institute of Management and Development (IMD) in Lausanne, Switzerland.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

ICS/OT

The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

ICS/OT

Municipal Water Authority of Aliquippa in Pennsylvania confirms that hackers took control of a booster station, but says no risk to drinking water or...

ICS/OT

Mandiant's Chief analyst urges critical infrastructure defenders to work on finding and removing traces of Volt Typhoon, a Chinese government-backed hacking team caught in...

Cybercrime

Energy giants Schneider Electric and Siemens Energy confirm being targeted by the Cl0p ransomware group in the campaign exploiting a MOVEit zero-day.

ICS/OT

Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs).

ICS/OT

Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.