Several major tech and cybersecurity companies have joined forces for a new initiative called the Operational Technology Cyber Security Alliance (OTCSA), which aims to help industrial and critical infrastructure organizations address challenges related to OT security by providing guidance and resources.
Founding members of OTCSA include equipment manufacturers ABB and Wärtsilä, along with Microsoft and cybersecurity solutions providers Check Point Software, BlackBerry Cylance, Forescout, Fortinet, Mocana, NCC Group, Qualys, SCADAFence and Splunk. Mocana and SCADAFence specialize in securing industrial control systems (ICS).
Other companies that provide IT or OT solutions and organizations that operate critical infrastructure and OT systems are welcome to join the project.
The OTCSA has set out five major goals: helping organizations strengthen the cyber-physical risk posture of OT and OT/IT interconnectivity, guiding OT operators on protecting their infrastructure, guiding OT suppliers on developing secure products, supporting the development and implementation of safer and more secure critical infrastructure, and helping accelerate the adoption of safer and more secure critical infrastructure.
Guidelines provided by the OTCSA will cover the entire lifecycle of OT systems, along with every aspect related to people, processes and technology.
Founding members of the OTCSA say this is the first industry group whose goal is to provide tangible architectural, implementation and process guidelines to OT operators.
“The compromise of operational technology used in production facilities is becoming a preferred steppingstone for cybercriminals looking to find a way into a company’s network. There is a strong need to collaborate within our ecosystems of suppliers, customers and other partners, even competitors, to fight the common enemy of cyber-crime. The game is changing and so must we,” said Mark Milford, VP of Cyber Security at Finland-based Wärtsilä.
Satish Gannu, CSO at ABB, commented, “OTCSA aims to bridge dangerous gaps in security for critical and OT infrastructure and ICS to support and improve the daily lives of citizens and workers in an evolving world. Industry collaboration to establish guidelines is required to quickly advance the posture of OT, which is already a decade behind IT when it comes to security.”