On Wednesday, 3 June 2020, our webinar on “Cyber Security in relation to IT/OT convergence in Energy sector” took place. Here are some key takeaways:
- As operational technology (OT) systems become more and more connected, the need for securing them is increasing as well;
- Why do we need to secure OT systems? Think about the OT paradox. In a nutshell, it means that even though OT systems support the most important business processes in companies (i.e. production and distribution of goods), we are not focusing our security efforts on these systems;
- A successful OT security strategy is built around 5 pillars:
  - Strategy & Governance: make a plan for improvement, align on roles & responsibilities;
  - Risk management: a risk-based approach enables you to focus your efforts on what matters most. Be pragmatic in identifying risks and, where possible, reuse methodologies that are already used in a safety context in your organization;
  - Security by design: while it might not seem easy to implement, think about safety. Many companies are doing safety by design. So, if you can do it for safety, you can do it for security;
  - Control design & implementation: this is not rocket science - several principles from the IT space can be used in OT as well. However, some tweaking might be required in order to fit the OT context (e.g. when doing patch management);
  - SOC operations: this is an example of the OT paradox. Even though OT systems are critical, they are often not, or only partially, onboarded in the SOC activities. As a result, the focus of security efforts is not on the systems that support the most important business processes (e.g. production & distribution).
If you missed the webinar or would like to revisit (all or some of) the sections, we invite you to watch the recording and download the slides. If you have any further questions or comments, do not hesitate to reach out to the relevant expert as listed below.