The Latest in OT Cyber Resilience Recommendations
Operational Technology (OT) is the catch-all term used for the Industrial Control Systems (ICS) and Monitoring systems that are essential for the functioning of the modern world. Examples of infrastructure that relies on OT include power generation and distribution, oil & gas refining and distribution, city infrastructure, rail and road transport, airport and port control, drinking & wastewater removal, health infrastructure, and manufacturing processes in small specialist production providers through to huge industrial-scale production of bulk raw materials and finished goods.
OT systems that have largely been managed independently or in small, isolated networks are increasingly connected to the Internet. This allows the OT infrastructure to be monitored, managed, and controlled remotely like traditional IT systems. OT systems are very different from traditional IT infrastructure. OT is typically made up of hardware and software combinations in Industrial Control Systems and Programmable Logic Controllers (PLCs) that are often grouped into overarching Supervisory Control and Data Acquisition (SCADA) and Distributed Control Systems (DCS).
The increasing trend to bring these OT systems online means that there is an increase in the attack surface that cybercriminals can target. Therefore, these systems need to be protected from cyberattacks. Protecting them is a specialist role that may not be available to many organisations. Renaissance’s partner Oleson Consulting has the experience to ensure OT and IT cybersecurity best practices. Oleson are focused, experienced, and skilled in OT and IT systems in manufacturing operations, particularly in regulated life sciences manufacturing. Their strength is looking at the big picture across OT and IT systems and ensuring that the best cyber protections are in place to protect both. They do this across:
- Manufacturing operations
- Business continuity
- IT infrastructure
- Compliance & change control
- System lifecycle planning
Oleson are ready to provide strategic advice or specific implementation services to deliver successful projects alongside existing teams or entirely if required. They have many years of experience in complex OT/IT projects in manufacturing operations for clients like AstraZeneca, Pfizer, Caterpillar, Johnson-Johnson, and many more. Contact Renaissance to find out how we, in partnership with Oleson can make sure your OT systems in manufacturing, and other sectors, are secure and safe from cyberattacks.
The Increasing Threat to OT Infrastructure
OT systems are a tempting target for cybercriminals. If they can gain access to them, they can disrupt operations, and/or alter crucial product recipes, for example. However, in more recent times the goal is increasingly focused upon deployment of Ransomware and other malware to extort money via ransom demands. Having industrial operations disrupted, or shut down is very costly for a business, and due to this, cybercriminals think that any industrial organisations they can disrupt are more likely to pay, especially organisations in tightly regulated industries, such as pharmaceuticals and critical national infrastructure.
The protection of OT equipment and systems is a specialised task. Relying on IT teams to make them secure can lead to problems as they will typically not be as familiar with the protocols used in OT systems as they are with those used in mainstream IT. Many companies have realised this. A survey from TrapX Security released in November 2020 showed that 53% of manufacturers had concerns about their OT security.
The attacks targeting OT infrastructure are increasing at an alarming rate around the world. There have been many examples in the news recently. So many that it is now on the radar of governments and the focus of many governmental agencies. For example, the US Cybersecurity & Infrastructure Security Agency (CISA) issued this three-page advisory in June of this year: Rising Ransomware Threat To Operational Technology Assets (PDF link). In the UK, the National Cyber Security Centre has a guidance page on Operational Technologies, and the Health & Safety Executive has a page on the protection of control systems.
Operational Technology Cybersecurity Protection
Protecting industrial OT systems from attack requires wide-ranging knowledge that also deep dives into the various components that need to be protected. This is precisely the skillset that Oleson can provide for organisations of all sizes. By bringing their years of experience into other organisations, they can ensure industry best practices in OT cybersecurity systems.
Oleson are expertly placed to meld together all of the stakeholders in an organisation across management, operations, and IT so that the common goal of security gets delivered without inter-departmental issues getting in the way.
Protecting OT requires cross-functional teams if it’s to be delivered successfully. Oleson has the experience and the skills to work across boundaries and technologies to ensure that cybersecurity protections for OT and, by extension, the IT systems they use are robust.
It can be hard to build a project team of OT and IT experts to deliver a secure setup. Renaissance and Oleson can provide the experience, understanding, people, and technologies to allow any organisation with OT infrastructure to build such a team to secure their infrastructure against bad actors. Contact us today to start a conversation and get access to the latest in OT cyber resilience recommendations - we are hosting 1-1 Cyber Resilience Breifings to explain how Oleson can provide the strategic advice and implementation services required to ensure your OT/IT systems directly drive your business needs. Learn more and sign up here.