Cybersecurity has increasingly become top-of-mind with events such as the recent ransomware attack on supply chain management software provider Blue Yonder serving as constant reminders of its pertinence. With OT becoming more and more looped into this concern, the mission to protect such networks from evolving threats will certainly continue to be a priority throughout the rest of 2024 and into the future.
A New OT Cybersecurity Framework
The threat to OT cybersecurity is especially apparent when you consider ongoing risks associated with actors such as Volt Typhoon. As MeriTalk reported, Volt Typhoon reflects “a large interest by adversaries in not just knowing where our OT is, but also in taking a living-off-the-land approach to encamping themselves on those networks,” according to Matt Hayden, GDIT vice president for cyber and emerging threats for intelligence and homeland security.
With trends like this becoming more commonplace, security organizations from around the world have partnered to publish a new guide for OT operators. Titled “Principles of Operational Technology Cybersecurity,” the guide was put together by the Australian Cyber Security Centre (ACSC) in collaboration with CISA and other international entities to help those impacted by the potential of OT cybersecurity threats, particularly those in critical infrastructure fields. It is based on six key principles, including safety in OT environments, the protection of OT data, network segmentation, securing OT supply chains, business knowledge, and staff training.
The Important Role of OT Training
Angel Coker Jones at Commercial Carrier Journal reports that, “The NSA and other agencies recommend OT decision makers apply these six principles to help determine if a decision being made is likely to adversely impact the cybersecurity of an OT environment.” While all of the principles are essential, the last two listed above are foundational. Business knowledge ensures that companies truly understand why OT cybersecurity is worth the attention and investment, and staff training emphasizes a focus on the people in control of executing the plans to protect OT networks.
Education as amplified in the guide is necessary across the board, whether working in the private or public sector. It was the central point of a recent initiative introduced by the CISA, which launched a new platform to replace its internal education platform and Federal Virtual Training Environment. The new offering features a range of cybersecurity classes, General Services Administration webinars on artificial intelligence, and more.
Sources:
- “As Supply Chains Go Digital, Cybersecurity Must be Strongest Link” – PYMNTS https://www.pymnts.com/cybersecurity/2024/as-supply-chains-go-digital-cybersecurity-must-be-strongest-link/
- “OT Threats Rise as Government, Industry Fight Back” – MeriTalk https://www.meritalk.com/articles/ot-threats-rise-as-government-industry-fight-back/
- “ACSC and CISA Launch Critical OT Cybersecurity Guidelines” – Alessandro Mascellino, InfoSecurity Magazine https://www.infosecurity-magazine.com/news/acsc-cisa-launch-ot-guidelines/
- “National Security Agency publishes OT cybersecurity guidance” – Angel Coker Jones, Commercial Carrier Journal https://www.ccjdigital.com/technology/cybersecurity/article/15708230/national-security-agency-publishes-ot-cybersecurity-guidance
- “CISA debuts new cybersecurity training platform” – Justin Doubleday, Federal News Network https://federalnewsnetwork.com/cybersecurity/2024/11/cisa-debuts-new-cybersecurity-training-platform/
