The New Year Calls for a Change in the OT Industry’s State of Security

In 2014, a Western European steel mill suffered serious damage from a phishing attack that penetrated its IT and Operational Technology (OT) networks (the software and hardware dedicated to monitoring and controlling physical devices) where attackers gained control of plant equipment. In 2018, 74% of OT organizations experienced a data breach. OT is deployed in critical industries like energy, utilities, and oil, and these vulnerabilities can cause ecological damage, negatively impact productivity, and compromise human safety.

Because of the recent convergence of IT and OT, 97 percent of organizations using industrial control systems acknowledge security challenges. Yet, the news isn’t all bad as the 2019 SANS OT/ICS Security Survey showed that more OT companies are taking a proactive and preventative approach and developing strategies to address cybersecurity.

Qualys Co-Founds Global Cyber-Security Alliance for Operational Technology – OTCSA

Concerns about OT threats have prompted companies throughout the world to form the Operational Technology Cyber Security Alliance (OTCSA). At Qualys, our mission is to create a safer ecosystem, and we are thrilled to be a founding member of this group. The focus of the alliance is to help companies improve their cyber risk posture by providing process guidelines to OT operators and solution providers. These guidelines cover the entire lifecycle — procurement, development, deployment, installation, operation, maintenance and decommissioning — and address aspects related to people, processes, and technology.

The OTCSA mission is five-fold:

1. Strengthen cyber-physical risk posture of OT environments and interfaces for OT/IT interconnectivity
2. Guide OT operators to protect their infrastructure based on a risk management process and reference architectures/designs
3. Guide OT suppliers on secure OT system architectures, relevant interfaces, and security functionalities
4. Support the procurement, development, installation, operation, maintenance, and implementation of a more secure critical infrastructure
5. Accelerate the time to adoption of safer, more secure critical infrastructures

As a company committed to contributing to the future of the cybersecurity industry, it only made sense for Qualys to join the alliance. As we approach a new year and a new decade, we hope that OT organizations can reduce the number of threats they see on a regular basis — thus decreasing ecological damage, productivity interruptions, and the risk of worker deaths. In addition to Qualys, founding members of the OTCSA include ABB, Check Point Software, BlackBerry Cylance, Forescout, Fortinet, Microsoft, Mocana, NCC Group, SCADAFence, Splunk and Wärtsilä.

To learn more about the OTCSA, visit www.otcsalliance.org.