Cyberattacks on critical and industrial infrastructure are on the rise, impacting operational reliability and business risk across all industries, including utilities, manufacturing and oil and gas. Meanwhile, threats to operational technology can disrupt operations, negatively impact productivity, cause ecological damage and compromise human safety. To help mitigate this risk, a new global alliance focused on cyber security has formed. The Operational Technology Cyber Security Alliance (OTCSA) was established to help companies address the OT security challenges that continue to put operations and businesses at risk.
“One of the driving forces behind IT and OT convergence is cyber security of operational systems, like SCADA, MES, controllers, etc. OT has typically been managed as individual devices, which has made it very difficult for IT to maintain its cyber security mandate,” says Kevin Prouty, Group VP for IDC Energy Insights and Manufacturing Insights. “Senior executives are tasking operations executives to get their OT systems integrated into the overall enterprise cyber security governance. IDC’s IT/OT Convergence survey from 2018 shows that 65 percent of manufacturing, mining, oil & gas and utility companies see cyber security as the highest priority in IT and OT governance.”
ABB, Check Point Software, BlackBerry Cylance, Forescout, Fortinet, Microsoft, Mocana, NCC Group, Qualys, SCADAFence, Splunk and Wärtsilä have partnered to establish the OTCSA.
The OTCSA mission is outlined:
- Strengthen cyber-physical risk posture of OT environments and interfaces for OT/IT interconnectivity
- Guide OT operators on how to protect their OT infrastructure based on a risk management process and reference architectures/designs which are demonstrably compliant with regulations and international standards, such as IEC 62443, NERC CIP and NIST 800-53
- Guide OT suppliers on secure OT system architectures, relevant interfaces and security functionalities
- Support the procurement, development, installation, operation, maintenance and implementation of a safer, more secure critical infrastructure
- Accelerate the time to adopt safer, more secure critical infrastructures
“OTCSA aims to bridge dangerous gaps in security for critical and OT infrastructure and ICS to support and improve the daily lives of citizens and workers in an evolving world,” says Satish Gannu, Chief Security Officer, ABB & Senior Vice President, Architecture and Analytics, ABB Ability. “Industry collaboration to establish guidelines is required to quickly advance the posture of OT, which is already a decade behind IT when it comes to security.”
There has yet to be an industry that solely focuses on improve cyber risk posture by providing tangible architectural, implementation and process guidelines to OT operators so they can navigate necessary changes, up grades and integrations to evolving industry standards and regulations. The guidelines will cover the entire lifecycle and address aspects related to people, processes and technology.
“The negative consequences of compromised critical infrastructures are as severe as ever, while the complexity and urgency in securing them continues to escalate. The coming together of an action-oriented group of stakeholders who share a common vision of more secure and resilient critical infrastructure is an important step in meaningful collaboration. The OTCSA will address the unique challenges of securing OT environments, which is fundamental to maintaining our economic competitiveness, national and personal security and public safety,” says Phil Quade, CISO, Fortinet
OTCSA promotes collaboration amongst leading IT and OT companies, thought leaders in the cyber security community and vendors and OT operators from a variety of industries. Membership is open to any company that operates critical infrastructure or general OT systems to run its business (OT operators) as well as companies providing IT and OT solutions (solution providers).