While there are many ongoing challenges that companies face in the pursuit of operational security, the talent shortage is one of the most vexing. In fact, the White House Office of the National Cyber Director (ONCD) recently partnered with the Office of Management and Budget (OMB) on the “Service for America” initiative, which is part of the National Cyber Workforce and Education Strategy (NCWES). The aim has been to address the more than half a million cybersecurity jobs left vacant in the U.S. However, the main focus of this initiative is IT. And while we know that IT increasingly impacts OT, that still leaves a gap in OT expertise. As such, having efficient, easy to use, OT-specific strategies and solutions is critical.
What to Keep in Mind with Limited Cybersecurity Expertise
The first key strategy that resources should support is defense in-depth. What we mean by this is a layered approach to cybersecurity that includes a different set of tools, a different policy, different management, etc. This slows the pace of IT/OT convergence. That’s not to say that IT and OT teams do not need to work together, but OT needs to be specifically shielded from the many vulnerabilities that IT can face. Instead, you want IT to have visibility into OT while maintaining OT’s independence. We’ve worked with manufacturers to achieve just this. With our tools, we set operators up to know what assets are on their plant floor, scanning both IT and OT networks.
Supporting Education Expansion
But we realize that our team can only extend so far. We also want to ensure that there is a future cohort of OT professionals that can further evolve our industry, which brings us back to the talent shortage. That’s why we are engaging with the academic world to develop the talent pool. In our talks with a number of universities, we have emphasized the need to start training programs for students in OT automation and networking in general, and then layer on top of that, cyber security and network protection. Even further, it will be helpful to have education specifically designed around architecture for OT that protects critical infrastructure, power generation, and water treatment plans.
In the meantime, we are providing OT cybersecurity offerings that can be managed in a low touch, high result, efficient manner. Recent set ups of two proof of concepts – one with two switches, another with one, and both with an ICS Defender – took only between 45 minutes and one hour installation time.
Sources:
- “Cybersecurity Talent Shortage Prompts White House Action” – Nathan Eddy, Dark Reading https://www.darkreading.com/cybersecurity-operations/cybersecurity-talent-shortage-prompts-white-house-action
