WHY?
As the Alliances communities have access to a breadth of professionals who are up to speed on the reality of impacting Operational Technology (OT) cybersecurity and Industrial Control Systems (ICS) which are highly interconnected and often considered integral parts of ensuring the security and reliability of industrial and critical infrastructure environments.
As a community, we are able to continue to benchmark, debate and create best practices for TECHNICAL, STRATEGIC and CULTURAL improvements for those working within this space. Area highlighted within the inception meeting of this Alliances Project are inclusive of but not limited to the below:
Interdependence: ICS refers to the combination of control systems and technologies used in industrial operations, such as manufacturing, energy, transportation, and utilities. OT, on the other hand, encompasses the hardware and software used to monitor and control physical devices, processes, and infrastructure. ICS relies heavily on OT components and systems to function effectively.
Cybersecurity Concerns: The convergence between OT cybersecurity and ICS lies in the shared cybersecurity concerns they face. Both domains deal with protecting critical infrastructure and operational technologies from cyber threats. Ensuring the security, availability, and integrity of ICS necessitates robust OT cybersecurity measures.
Unique Challenges: OT environments have specific challenges that differentiate them from traditional IT networks. These include legacy systems, longer technology life cycles, real-time operation requirements, and a focus on safety and reliability. Integrating cybersecurity into these environments requires specialized approaches that consider these unique characteristics.
Risk Management: Convergence between OT cybersecurity and ICS involves understanding and managing risks associated with interconnected systems. Threats targeting OT can impact ICS, potentially causing disruptions, safety hazards, or financial losses. Thus, a holistic approach to cybersecurity is essential, focusing on securing both the underlying OT infrastructure and the ICS components.
Integration of Security Measures: Efforts to strengthen OT cybersecurity involve implementing measures like network segmentation, access controls, regular patching, intrusion detection systems, and robust incident response plans. These measures are crucial to safeguarding ICS against cyber threats.
Regulatory Compliance: Various regulations and standards, such as NIST Cybersecurity Framework, ISA/IEC 62443, and others, emphasize the convergence of OT cybersecurity and ICS. Compliance with these standards often requires comprehensive security strategies that address both OT and ICS aspects.
The OT cybersecurity project has been created to harness the expertise and knowledge of the community members that have dealt with or are currently dealing with OT environments. We will be focusing on:
- Learning from each others successes & failures
- Understanding the risks
- Learning and sharing best practices within cybersecurity and outside of the siloed business division
- Understanding the skills required and demand for them
- How to improve organisational culture around OT
- Technology service providers efficacy and comparison. Inclusive of multi-vendor challenges
- Development of frameworks and guides consolidating and applying to where is most relevant
- TTX consolidation and creation
These will be focused while also considering the context behind the verticals and geolocations of the conversations.
Community Criteria
Not regionally restricted and is suitable for those with responsibility of OT and ICS environments.
- Chief Information Security Officer (CISO)
- Senior Manager, Security Operations
- Senior Manager, Incident Response
- Senior Manager, Governance and Risk
- Chief Technology Officer (CTO)
-
- Senior Director, Technology Strategy
- Senior Director, Infrastructure Development
- Senior Director, Technology Innovation
- Chief Operations Officer (COO)
- Senior Vice President, Operations
- Senior Director, Business Process Improvement
- Senior Director, Operations Excellence
- Director/VP of Operations Technology (OT)
- Senior Manager, OT Implementation
- Senior Manager, OT Maintenance
- Senior Manager, OT Security
- Director/VP of Industrial Control Systems (ICS)
- Senior Manager, ICS Integration
- Senior Manager, ICS Security
- Senior Manager, ICS Engineering
- Industrial IT Manager
- Manager, Industrial Network Security
- Manager, IT-OT Integration
- Manager, Industrial Systems Administration
- Cybersecurity Architect/Manager
- Manager, Cybersecurity Architecture
- Manager, Security Operations Center (SOC)
- Manager, Threat Intelligence
- Operations Manager/Senior Engineer
- Manager, Operations Optimization
- Manager, Process Engineering
- Manager, Reliability Engineering
- Compliance Manager/Director
- Manager, Regulatory Compliance
- Manager, Standards and Controls
- Manager, Compliance Auditing
Community Tasks
All existing members promote the project to attract at least one new member to this project to widen the perspective by the end of the year 2023. This member must meet the criteria listed already on this page – direct them to Register here for an Alliances Projects introduction with an Alliances Regional Director.
Every survey is completed – even if you have to put N/A when suitable – This builds a version of market intelligence based on the experiences and environments of those within this group.
Abide by the Rules of Engagement – this Project is for ongoing collaboration and constructive progression within the industry – let us create a baseline of understanding and not assume a baseline of understanding.
Ensure the scope of this project remains focused on the needs of those within this community. Where questions are to needed? Ask them. Where there is an opportunity to share a lesson? Share it. Where there is an opportunity for community input? Ask for it. For compliance, these can be collated through anonymous challenges as per usual.
Everyone to ‘Data dump’ finding in the group, forward email to RD, tag RD on LinkedIn – consolidate what is already out there for ease of access for those working within OT/ICS.
Service Provider Criteria
Technology and service companies’ insights are vital to users and potential end-users looking to purchase their solutions. These suppliers have a thorough grasp of the product or service they generate, informed by the challenges, innovations, and complexities involved in its creation. Their viewpoints give insight on the complex features, prospective uses, and underlying design philosophy that would otherwise be lost on users.
This Alliances Project holistically is an ongoing collaboration between those that impact Operational Technology and Industrial Control Systems and their efficacy and security to ensure human safety, sustainability and uptime is achieved.
Criteria:
- Those who want to engage in the form of education contributions where commercial conversations occur when invited and not assumed to be relevant.
- Content contributions should be evidenced through use case and not conceptualising impactful solutions.
- Individuals may represent the service provider and also contribute from their experiences over their interactions with others who fit the criteria of this community.
- All service providers are to be recommended to the Alliances by the community as being a positive impact on their business and responsibilities.