CISOs Take on OT Security Threats to Critical Infrastructure

– @inforisktoday
In the rapidly evolving landscape of cybersecurity, the role of Chief Information Security Officers (CISOs) has expanded to encompass the complex task of protecting operational technology (OT) environments.
While the responsibility for industrial operations and the management of OT devices used to fall on plant managers, CISOs now understand the unique challenges and vulnerabilities associated with safeguarding the OT landscape, distinct from the traditional IT attack surface.
According to Mark Cristiano, the commercial director for Rockwell Automation’s global cyber services business, IT and security leaders are increasingly recognizing the significance of addressing OT-specific threats that can impact critical infrastructure and industries such as food and beverage and transportation.
Rockwell Automation, as a prominent manufacturer of IoT devices used in critical infrastructure environments, has positioned itself as a trusted partner capable of guiding clients through the entire security life cycle.
Rockwell Automation claims to be the sole supplier that can support clients from the initial stages of risk assessments and asset identification to the deployment of cutting-edge technologies and ongoing managed services.
By providing comprehensive solutions throughout the security journey, the company aims to help organizations effectively address the unique challenges of industrial defense and Industrial Internet of Things (IIoT) security.
Cristiano notes that IT leaders are increasingly asking more informed questions about OT security, demonstrating a growing awareness of the importance of securing critical infrastructure.
He advocates for the adoption of better security controls to mitigate potential threats.
In fact, Rockwell Automation’s participation at the RSA Conference evolved from being an attendee in 2022 to becoming an exhibitor in 2023, dedicating a booth on the show floor specifically to industrial defense and IIoT security.
During the conference, Cristiano recognized the quality and volume of discussions with customers as highly encouraging.
He highlights the ability of Rockwell Automation to meet customers wherever they are, regardless of the industry or the organization’s level of cyber maturity.
This adaptability allows Rockwell Automation to tailor their solutions to individual client needs and facilitate effective collaboration.
The article further delves into the challenges faced by public sector organizations in understanding and meeting the requirements of industrial cybersecurity regulations.
Cristiano acknowledges the need for clearer reporting requirements and guidelines to help public sector agencies comply with these regulations.
Rockwell Automation works closely with public sector organizations and regulatory bodies like the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to address the ambiguity and provide valuable feedback from their industrial customers.
Additionally, Cristiano emphasizes the broad attack surface of critical infrastructure, extending beyond traditional perceptions of water and electricity to encompass sectors like life sciences and food and beverage.
He highlights the dispersed nature of assets in critical infrastructure, making the deployment of countermeasures and security controls a more challenging endeavor.
To help industrial organizations navigate the complex world of cybersecurity, Cristiano provides a road map for securing industrial organizations.
He suggests that organizations focus on asset identification as a crucial first step, followed by obtaining a quantifiable risk profile of the assets and conducting comprehensive risk assessments that encompass internal policies, procedures, and governance structures.
An analysis of the organization’s structure helps set realistic expectations regarding its capacity to support an extended, multi-year cybersecurity program.
Rockwell Automation offers proactive services through their incident response retainer, enabling clients to recover from security incidents effectively.
The retainer includes a range of services such as tabletop exercises, penetration testing, vulnerability and risk assessments, and ongoing improvements to the customer’s cyber hygiene.
Cristiano emphasizes the necessity of disaster recovery planning, stressing that organizations should anticipate and prepare for potential attacks.
He advocates for robust incident response plans to mitigate the impact of security incidents.
Going forward, Rockwell Automation plans to enhance their OT SOC managed services by incorporating additional data sources and leveraging partnerships to bridge the skills gap and improve threat detection capabilities.
The company also aims to assist clients in quantifying their business risks and building a strong business case for launching a comprehensive, multi-year cybersecurity program.
In conclusion, the article underscores the evolving role of CISOs in understanding and protecting OT environments, particularly critical infrastructure sectors.
It highlights the proactive approach of Rockwell Automation in providing end-to-end solutions throughout the security life cycle, the importance of collaboration between public and private entities, and the need for comprehensive risk assessments, incident response plans, and ongoing cybersecurity measures to safeguard industrial organizations.
Link: https://www.bankinfosecurity.com/mark-cristiano-rockwell-automation-a-22164

