Connect with us

Hi, what are you looking for?



The OT Security Opportunity for CISOs

In my previous column, I talked about the rapidly changing geopolitical landscape and the escalation of cyberattacks on critical infrastructure. Some of you may be wondering: “Why should I care? Russia and other nation-states aren’t focused on me and my networks.”

In my previous column, I talked about the rapidly changing geopolitical landscape and the escalation of cyberattacks on critical infrastructure. Some of you may be wondering: “Why should I care? Russia and other nation-states aren’t focused on me and my networks.”

If you’re a CISO at an insurance company or a medical facility or any organization where these networks aren’t critical components to your business, then you’re probably right. They probably aren’t targeting your organization specifically. But I’m sure you’re familiar with the concept of collateral damage.

The attacks on Ukraine over the last five years are a test case for how a country’s infrastructure can be disrupted and paralyzed, and how companies’ OT networks can be severely impacted. While OT networks were not the primary target, just the accidental spill-over of NotPetya from IT to OT networks, was a wake-up call. Operations came to a standstill at many companies – a powerful indicator of what the outcome could be if those attacks specifically targeted industrial networks, and a clear reason why securing OT environments should be a priority. And since the Western world didn’t have the adequate response to those attacks on Ukraine, we can expect that a more emboldened Russia will reach further, as cyber respects no geographical boundaries. 

Every company in the world relies on industrial networks. For nearly half of the Fortune 2000 – in industries including oil and gas, energy, utilities, manufacturing, pharmaceuticals, and food and beverage – these networks are critical components to their business. While the rest rely on OT networks to run their office infrastructure – lights, elevators, and datacenter infrastructure.

Adversaries understand the importance of these networks and how to manipulate them in ways that would not be immediately observable but could erode public trust. For example, disrupting production of the top pharmaceutical companies to create shortages of medications. Or tampering with the industrial machines responsible for logistics at our largest transportation hubs to bring commerce to a standstill. From a technical feasibility perspective, we all know it’s doable. We also know these types of attacks are extremely difficult to detect and attribute since we lack visibility into industrial networks. 

Despite their ubiquity, OT networks are often a black box for security teams; they simply don’t have the telemetry to see and monitor these environments. Having been in place for decades, these networks typically lack even basic security defenses. Furthermore, the teams that run these networks prioritize availability over confidentiality. The risk of disruption and downtime to implement a new security control, a patch or a system upgrade is a non-starter for them. Not to mention that making changes to these multimillion-dollar systems usually voids warranties. 

If OT networks could remain completely disconnected from IT systems this wouldn’t be a problem. But that is no longer the case. Companies have unlocked tremendous business value connecting these aging networks to IT systems for automation and inputs, and IT-OT convergence has taken off. While the improvements in operations efficiencies, performance and quality of service have been a boon to business, IT-OT convergence can also be detrimental. Since the OT network is a blind spot, adversaries can use them as a pathway into IT environments, and vice versa. Adversaries can enter through the IT side and remain undetected within the OT environment for months or even years, looking for subtle ways to undermine operations and create havoc.

Digital convergence is here to stay and is good for business. It is also creating greater urgency to address the IT-OT security gap. Chances are you’ve worked hard and made strategic investments to build a strong cybersecurity foundation on the IT side to support your company’s digital initiatives. Now you have an opportunity to do the same on the OT side. Consider your next budgeted security dollar within the context of overall risk reduction. Where do you think you’ll get more incremental value: purchasing yet another Endpoint Detection and Response (EDR) solution or bringing visibility and monitoring to your OT network?

Advertisement. Scroll to continue reading.

So yes, Russia probably doesn’t care about your OT network per se. But you might happen to work in an interesting industry that could be a pawn in a larger geopolitical disruption campaign, or you could be collateral damage when powerful cyber weapons are released. While adversaries’ actions may not be blatant, they could have dire consequences, eroding the trust of the public across aspects of our lives we take for granted. 

It’s early days for this form of economic warfare. Fortunately, you have an opportunity to learn from these test cases and take a proactive stance to secure your OT environment.

Learn More about OT Security at SecurityWeek’s ICS Cyber Security Conference

Written By

Galina Antova is the Co-founder and Chief Business Development Officer at Claroty. Prior to that, she was the Global Head of Industrial Security Services at Siemens, overseeing development of its services that protect industrial customers against cyber-attacks. She was also responsible for leading its Cyber Security Practice and Cyber Security Operations Center, which provided managed security services for industrial control systems operators. Previously, Ms. Antova was with IBM Canada, with roles in the Provisioning and Cloud Solutions business. She holds a BS in Computer Science from York University in Toronto, and an MBA from the International Institute of Management and Development (IMD) in Lausanne, Switzerland.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...


Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.


Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs).


Cybersecurity firm Forescout shows how various ICS vulnerabilities can be chained for an exploit that allows hackers to cause damage to a bridge.

Cybersecurity Funding

Internet of Things (IoT) and Industrial IoT security provider Shield-IoT this week announced that it has closed a $7.4 million Series A funding round,...


More than 1,300 ICS vulnerabilities were discovered in 2022, including nearly 1,000 that have a high or critical severity rating.