Cyber attacks on critical and industrial infrastructure are on the rise, impacting operational reliability and business risk across all industries, including utilities, manufacturing and oil & gas. Threats to operational technology (OT) can disrupt operations, negatively impact productivity, cause ecological damage and compromise human safety.
To help mitigate this risk, a new global alliance focused on cyber security just launched. The Operational Technology Cyber Security Alliance (OTCSA) was established to help companies address the OT security challenges that continue to put operations, and consequently, business at risk.
“One of the driving forces behind IT and OT convergence is cyber security of operational systems, like SCADA, MES, controllers, etc. OT has typically been managed as individual devices, which has made it very difficult for IT to maintain its cyber security mandate,” said Kevin Prouty, Group VP for IDC Energy Insights and Manufacturing Insights. “Senior executives are tasking operations executives to get their OT systems integrated into the overall enterprise cyber security governance. IDC’s IT/OT Convergence survey from 2018 shows that 65 percent of manufacturing, mining, oil & gas and utility companies see cyber security as the highest priority in IT and OT governance.”
Industry leaders ABB, Check Point Software, BlackBerry Cylance, Forescout, Fortinet, Microsoft, Mocana, NCC Group, Qualys, SCADAFence, Splunk and Wärtsilä have partnered to establish the OTCSA.
The OTCSA mission
- Strengthen cyber-physical risk posture of OT environments and interfaces for OT/IT interconnectivity
- Guide OT operators on how to protect their OT infrastructure based on a risk management process and reference architectures/designs which are demonstrably compliant with regulations and international standards, such as IEC 62443, NERC CIP and NIST 800-53
- Guide OT suppliers on secure OT system architectures, relevant interfaces and security functionalities
- Support the procurement, development, installation, operation, maintenance and implementation of a safer, more secure critical infrastructure
- Accelerate the time to adopt safer, more secure critical infrastructures
“OTCSA aims to bridge dangerous gaps in security for critical and OT infrastructure and ICS to support and improve the daily lives of citizens and workers in an evolving world,” said Satish Gannu, CSO, ABB & Senior Vice President, Architecture and Analytics, ABB Ability. “Industry collaboration to establish guidelines is required to quickly advance the posture of OT, which is already a decade behind IT when it comes to security.”
Until now, there has been no industry group focused on improving cyber risk posture by providing tangible architectural, implementation and process guidelines to OT operators so that they can navigate necessary changes, upgrades and integrations to evolving industry standards and regulations. These robust security guidelines will cover the entire lifecycle – procurement, development, deployment, installation, operation, maintenance and decommissioning – and address aspects related to people, processes and technology.
OTCSA promotes collaboration amongst leading IT and OT companies, thought leaders in the cyber security community and vendors and OT operators from a variety of industries. Membership is open to any company that operates critical infrastructure or general OT systems to run its business (OT operators) as well as companies providing IT and OT solutions (solution providers).
“Critical infrastructures and industrial control systems are essential to organization revenue and profits and the global economy. As the market leader in device visibility and control, Forescout is committed to collaborating with the industry to establish architectural, implementation and process guidelines that further strengthen the cyber security risk posture and resiliency of operational technology,” said Damiano Bolzoni, VP of Industrial and OT Business, Forescout.
“We are proud to be a member of the OTCSA and to work with other industry leaders to further the goal of bridging gaps in security for OT and critical infrastructures and ICS. The time where individual companies provided security solutions that customers and operators had to ‘bolt on’ has passed. It is now about ‘building security in,’ which can only be achieved if we all work together, drastically reducing the growing cybersecurity risks as a result,” said Philippe Courtot, Chairman and CEO, Qualys.