A new global alliance has formed with the mission to protect operational technology used in critical and industrial infrastructure from cyber-threats.
If disrupted, operational technology (OT)—the hardware and software dedicated to monitoring and controlling physical devices such as valves and pumps—can reduce productivity, cause ecological damage, and even compromise human safety.
The new Operational Technology Cyber Security Alliance (OTCSA) will follow a five-pronged approach to reduce the risk of cyber-attacks. First, the alliance will take action to strengthen the cyber-physical risk posture of OT environments and interfaces for OT/IT interconnectivity.
Second, OTCSA will guide OT operators on how to protect their OT infrastructure based on a risk management process and reference architectures/designs that are demonstrably compliant with regulations and international standards.
Third, the new guardian group will guide OT suppliers on secure OT system architectures, relevant interfaces, and security functionalities. The fourth task on OTCSA's to-do list is to support the procurement, development, installation, operation, maintenance, and implementation of a safer, more secure critical infrastructure.
And finally, the members of the global alliance will seek to accelerate the time to adopt safer, more secure critical infrastructures.
OTCSA is the first industry group to focus specifically on improving cyber-risk posture by providing tangible architectural, implementation, and process guidelines to OT operators so that they can navigate necessary changes, upgrades, and integrations to evolving industry standards and regulations.
These robust security guidelines will cover the entire lifecycle—procurement, development, deployment, installation, operation, maintenance, and decommissioning—and address aspects related to people, processes, and technology.
OTCSA launched today, with industry leaders ABB, Check Point Software, BlackBerry Cylance, Forescout, Fortinet, Microsoft, Mocana, NCC Group, Qualys, SCADAFence, Splunk, and Wärtsilä as confirmed members of the alliance.
Membership is open to any company that operates critical infrastructure or general OT systems to run its business as well as companies providing IT and OT solutions.
"OT has typically been managed as individual devices, which has made it very difficult for IT to maintain its cybersecurity mandate. Senior executives are tasking operations executives to get their OT systems integrated into the overall enterprise cybersecurity governance," said Kevin Prouty, group VP for IDC energy insights and manufacturing insights.