Risk management, operations, security - each organization and more play a role in ensuring OT security across the enterprise. Qiang Huang of Palo Alto Networks talks about new strategies to embrace and improve security of operational technology and connected devices.
With an ever-expanding threat landscape, organizations need to possess the right tools and knowledge to deal with cyberattacks. Dawn Cappelli, head of OT-CERT at Dragos, recommends training small and medium-sized businesses that are just starting their operation technology journey.
Public sector organizations often lack the resources needed to protect against nation-state attacks and espionage, while private sector entities often struggle in defending against ransomware and similar threats, said Yaniv Vardi, CEO of Claroty, who explained why more collaboration is needed.
IT-OT convergence has created interconnection between components that were historically separate and have different maturity levels. But attacks on OT can have a kinetic impact that can lead to very grim scenarios, said Ashish Thapar, vice president and head of cybersecurity consulting at NTT.
This is the time and place in which geopolitical interests, hacktivism, espionage and all of the crime syndicates are coming together, and we're amateurs showing up at that gunfight with a knife, said Jeff Multz, senior vice president of sales in North America at Radware.
OT security programs continue to be underfunded and understaffed, although rapid growth in this sector and new focus from government and organizations show hope, said Alexander Antukh, CISO of AboitizPower, and Mex Martinot, vice preisdent and global head of industrial cybersecurity, Siemens Energy.
Threat intelligence is an important component of OT security because it maps the techniques and tactics of threat actors to what they are likely to attack, and it collaborates across teams to cover potential vulnerabilities, according to CISOs Susan Koski and Sapan Talwar.
IT and OT security are more different than most realize. IT focuses on digital systems and data, and OT concerns itself with physical systems and their interconnectivity, said Dragos CEO Robert Lee. The stark differences between IT and OT security are laid bare around vulnerability patching.
Critical infrastructure attacks during 2022 focused primarily on Eastern Europe and Ukraine given fears of reprisal from attacking the U.S., said Optiv CEO Kevin Lynch. The amount of OT security investment needed to defend against adversaries is bigger than what many organizations can handle today.
Offense is what paces innovation in cybersecurity since threat actors constantly look for new ways to compromise systems, said AllegisCyber Capital's Bob Ackerman. Many offensive cyber capabilities developed by the national intelligence community make their way into the wild and become exploitable.
Many infrastructures have both OT and IT systems, making data and device transfer between the two systems difficult. Also, some OT devices are outdated while IT systems use modern cloud devices. And the shortage of training is another important hurdle, said OPSWAT CEO Benny Czarny.
OT attacks have doubled. Mark Cristiano, global commercial director of cybersecurity services at Rockwell Automation, discusses how organizations can develop a strategic approach to OT security that aligns with their risk profile, cyber maturity and ability to absorb change.
A new Food and Drug Administration policy to "refuse to accept" premarket submissions for new medical devices if they lack of cybersecurity details will help substantially improve the state of legacy devices in the future, said the FDA's Dr. Suzanne Schwartz. Here's a look at the new requirements.
The modernization of critical infrastructures in Australia is linking asset connectivity to the heart of what sustains everyday life. As assets within the extended internet of things (XIoT) proliferate throughout operational technology networks, priority No. 1 is maintaining an accurate, always up-to-date asset...
More threat actors are dedicated to attacking industrial organizations, and that increasing volume and sophistication of attacks has left organizations clamoring for suppliers with expertise in safeguarding OT infrastructure, said Rockwell Automation's Mark Cristiano.