A new industry group aims to coordinate efforts improve industrial control system security in an effort geared towards bolstering the resilience of critical infrastructure components.
The US-based Operational Technology Cybersecurity Coalition has been set up by vendors working with industrial systems, including Claroty, Forescout, Honeywell, Nozomi Networks, and Tenable. The coalition seeks to be vendor neutral and aims to build close relationships with the US government.
The new grouping will promote security intelligence sharing among manufacturers. In the past, this has been hampered by custom technologies with proprietary firmware and operating systems, along with a lack of planning for security upgrades.
This has led to concerns that industrial control systems and critical infrastructure is too hard to patch or upgrade in response to emerging vulnerabilities or new security threats.
Governments are also pushing for more focus in security in critical infrastructure, through programs such as the US’ Industrial Control Systems Cybersecurity Initiative.
Concerns about industrial cybersecurity are growing because of increased international tensions raising concerns that hostile nation states might resort to using cyber-attacks to disable or compromise critical systems.
Under the microscope
Marty Edwards, vice president of operational technology at Tenable, a coalition member, told The Daily Swig: “With the ever-increasing number of cyber incidents being faced by critical infrastructure, governments and industry alike require additional visibility into industrial control systems and operational technology networks and systems.”
Edward continued: “These are the highly specialised computing devices that underpin all aspects of our society – such as electricity and energy in general, water supply, transportation, manufacturing, and healthcare.”
Baking security into the mix
The coalition aims to promote information sharing between industrial partners and government departments. It will also stress the need to build cybersecurity protection into systems from the outset, and to follow best practices thereafter.
“Information about how these systems are vulnerable and threats that have been detected within them historically has not been shared outside of individual companies or tight knit groups,” explained Edwards. “In contrast sectors such as the financial sector have shared this type of information for years in order to make their entire sector more secure.
“There is still a general lack of understanding about these somewhat esoteric ICS and OT systems that our society depends so much on.”
According to Jon France, CISO of security body (ISC)2, teams managing industrial control systems (ICS) and operational technology face challenges from both the lifecycle of OT equipment, and changes in how the technology is being used.
“OT is an area that is getting a lot of focus recently with regards to cybersecurity. Generally, as more and more physical processes are being automated or digitised, something that has accelerated during and post-pandemic… it presents a significant threat surface area,” France told The Daily Swig.
Playing the long game
Long technology refresh cycles, especially compared with IT, make it harder to improve the security of industrial control systems. At the same time, ICS and OT systems are increasingly connected to the public internet for monitoring and control reasons, a development that leaves industrial systems more at risk of attack.
A lack of standardisation also makes it harder for security teams to manage and respond to alerts.
“Over the last 10 years we have seen a dramatic increase in OT becoming part of our core fabric,” Anthony Holmes, a cybersecurity consultant and managing director at MODSEC, told The Daily Swig.
“One vendor alone cannot protect this entire ecosystem. Each OT manufacturer has a unique OS for that device which in turn needs updating & patching. The complexity of these solutions tied to the critical systems they run and maintain are why this coalition is vital for the future of OT security.”
According to Holmes, previous OT security initiatives have focused on vendor partnerships, but the coalition will make collaboration more effective.
“It is a huge step forward to see hardware, software and in future, platform vendors working together to reduce the attack surface and increase operational resilience,” Holmes concluded.
Source: https://portswigger.net/daily-swig/ot-security-coalition-aims-to-bolster-industrial-cybersecurity
