Imagine you only have one dollar to spend, and there is only so much time in the day to figure out how to best utilize it. You have to ask yourself…How do I keep the plant floor running with efficient time and resources? That’s the question many working with OT are faced with and the question we’ve come across again and again in our recent industry gatherings.
The OT Crunch
What we’ve heard from a number of customers and prospects – some with global reach, some just US-based – is that protecting the operational technology and industrial control system network is still in early stages of development. Therefore, the worry that many have is the possibilities of what will happen if they open Pandora’s box. If they open it and operations start going the wrong way, they only have so much time to spend to course correct. In turn, they’re hesitating because they don’t want to go down a path that will create them more work and then also give them less protection and control.
However, we know that addressing OT is an essential part of running operations today. The question then comes down to…What should you do first? The initial thought is to always do an assessment, which is good. Assessments of your network, assets, and software bill of materials are all necessary. But as you’re assessing, the challenge there is that the threat is still active. Take the Volt Typhoon case for example, which we covered previously. That demonstrated the way attackers are getting in and the connection between the IT and OT attack surface. With risks such as that one becoming more prevalent, what can you do at the OT network, which sits further south of the IT network, especially If you’ve only got a dollar to spend and only got an hour to develop?
Efficiently Reducing the Attack Surface
You have to protect. That’s why DYNICS builds the tools that we do. If you can reduce the attack surface of the OT network with a protection-led and control-led deployment of technology, that will be the most efficient use of the dollar and time spent. If you invest in integrating that into the foundation, then you are buying yourself the space to conduct thorough assessments and the other steps to quantify what you have. Taking this approach will also help you more effectively (and efficiently) defend against what TechTarget lists as the top OT threats and security challenges: safety, uptime, lifespans, exposure, and regulation. Plus it will help you avoid being part of a statistic. A recent industry survey just concluded that three-quarters of its 2,000 respondents said that they had detected malicious cyber activity in their OT environment.
Sources:
- “5 top OT threats and security challenges” – Karen Scarfone, TechTarget
https://www.techtarget.com/searchsecurity/tip/Top-OT-threats-and-security-challenges - “1 in 4 Organizations Shut Down OT Operations Due to Cyberattacks: Survey” – Eduard Kovacs, SecurityWeek
https://www.securityweek.com/1-in-4-organizations-shut-down-ot-operations-due-to-cyberattacks-survey/
