Deloitte’s latest POV on Reimagining OT Cyber Security Strategy delves deep into rapidly evolving OT cybersecurity.
June 21, 2022 – Deloitte’s paper “POV on Reimagining OT Cyber Security Strategy” calls on energy and industrial companies in critical sectors to rethink their approach to a business-critical challenge. This is because digital transformation requires extensive IT-OT integration, while many OT networks are still in the Middle Ages from a cybersecurity perspective, as OTORIO notes.
Many oil and gas, utilities and industrial companies are already in the process of implementing digitalization, but this means that OT assets – and the companies whose IT networks are newly connected to them – are extremely vulnerable to cyberattacks. OT networks are targeted by government and financially motivated non-state actors and are a potentially lucrative source of ransomware payments. They have the potential to disrupt operations, halt financial progress, and even endanger human lives.
OTORIO’s OT cybersecurity solutions have long aligned with Deloitte’s newly announced six-point framework. They meet the challenges of today’s OT cybersecurity environment for industrial manufacturers, critical infrastructure, and energy companies. Years before Deloitte’s announcement, OTORIO integrated much of this framework into the foundation of its OT security platform and cyber expert service.
Deloitte’s six-point framework
1. In-depth security assessment to determine the security situation
Any basis for understanding an industrial company OT security status begins with an assessment of the security posture. To create real value, this assessment should be comprehensive, fully automated, user-friendly, powerful, reliable, accurate and fast. The industry-leading RAM² platform provides industrial enterprises, oil and gas companies, and critical infrastructure facilities with an efficient and effective way to create comprehensive risk assessments, monitor, and manage OT cybersecurity. This allows stakeholders to automatically assess the risk for each OT asset, uncover hazards and vulnerabilities, review and document compliance, and measure their overall cybersecurity posture.
2. Security processes, protocols and controls
Effective security processes, protocols and controls for the oil and gas industry, critical infrastructure operators and industrial companies are critical to safety and compliance with regulations such as IEC 62443 and NERC-CIP. Maintaining secure, compliant and reliable supply chains depends on it. RAM² from OTORIO is an effective solution for this task. It is inherently secure, offers secure network segmentation as well as continuous risk and vulnerability assessment. The platform enables continuous, granular and comprehensive monitoring of the security posture and compliance governance and provides detailed and granular reports.
3. 24/7 monitoring through a robust next-generation IT-OT Security Operations Center (SOC)
Cyber risk doesn’t sleep, so SOC teams need to be able to assess, monitor, and manage risks around the clock. However, without the ability to prioritize and contextualize risks in context, fatigue can occur due to notifications that lack context and urgency. OTORIO’s industrial-grade RAM² platform enables SOC teams from utilities, critical infrastructure companies and other industrial companies to improve the effectiveness, efficiency and consistency of a plant’s security processes in real time. RAM² provides prioritized insights into cyber risks based on cross-site investigations. The OT security platform provides SOC teams with clear and actionable risk mitigation playbooks based on OTORIO’s own algorithms. It continuously monitors production, proactively searches for digital security gaps, and flags and prioritizes actionable risk mitigation measures according to potential business impacts.
4. Incident response and a cyber crisis management plan
Proactive risk avoidance instead of reactive threat detection helps reduce and eliminate vulnerabilities before they can occur. Conversely, a reaction after an attack has already taken place can be like an airbag that inflates after a car accident, rather than being something that helps prevent an attack or accident in the first place. However, the OTORIO Cybersecurity Incident Team can quickly assess security situations and work to detect and eliminate the attacker’s presence in IT and OT networks. By detecting and eliminating malicious activity before it escalates, OTORIO strengthens the overall security posture of the company.
5. Awareness raising and training
OTORIO offers on-site and remote workshops for automation engineers and CERT teams to educate about cyber threats. The OTORIO trainers assess the current state of knowledge, recommend learning paths and then work together with the internal OT and SOC teams. The goal is to automate ongoing risk assessments, improve OT cybersecurity awareness, prioritize remedial action, and provide actionable risk mitigation playbooks.
6. Red Teaming
Red teams, often referred to as “white hat hackers,” deal with ethical hacking and test a company’s security vulnerabilities. OTORIO’s professional service teams provide their cybersecurity experience at the national level, providing penetration testing, comprehensive security posture assessments, practical risk simulations, and more. OTORIO’s penetration test teams provide a comprehensive assessment of the security posture, including hands-on reality checks, also known as red teaming.
To meet the challenges of today’s OT cybersecurity environment, you need to think outside the box. Deloitte’s POV to realign OT cybersecurity strategy establishes a workable framework for securing vulnerable OT networks.
OTORIO develops and markets the next generation of OT security and digital risk management solutions. The company combines the experience of leading government cybersecurity experts with state-of-the-art digital risk management technologies to provide the highest level of protection for critical infrastructure and the manufacturing industry.
Did you enjoy this great article?
Check out our free e-newsletters to read more great articles.