Operational priorities must inform security actions to defend OT and cyber-physical systems effectively.
In 1988, former US President Ronald Reagan delivered the now-famous line, “I’m from the Government, and I’m here to help,” describing government overreach as largely ineffective, generally worsening relationships. Unfortunately, some IT security teams have developed a reputation for acting much as Reagan described.
The future relationship between security, operations, and the business will be determined by how the new kid in the game acts and behaves. To be clear, the new kid here is the security team. The operation is likely to be why the business exists in the first place, and the people who run it are apprehensive about an IT group meddling in their operation.
As these new inter-departmental relationships begin, understanding that each team will have different priorities and objectives is vital. Capitalizing on this opportunity to discuss these issues lets the teams find a shared objective based on their commonalities, helping to inform strategies and initiatives that consider the needs of both teams equally.
Cyber-Physical Systems and Operational Technology
When TXOne Networks approached the emerging challenges in OT security, it quickly became clear that the differences between OT and IT were profound. We focused on these differences when developing our detection and response capability, called Cyber-Physical System Detection and Response.
The first few times we discussed this capability, we were met with a question of semantics, “Why not OT DR?” This did not come as a surprise. Instead, it served to prove the point. The issue is the misalignment and misunderstanding of OT security and the risks of taking an IT security approach, a truism of Reagan’s quote. Understanding why we chose this name over OT DR will help IT security teams and vendors in their future relationship journeys.
The OT domain is as vast and varied as its IT cousin. Boiling it down to a single factor within the existing IT capability schema would be akin to saying that a single product can detect and respond to everything in IT. Just as there is EDR, XDR, CSPM, ASRM, and a multitude of other acronyms within IT security, OT environments and the cyber-physical systems they comprise are rich and diverse and require a targeted approach.
The other part of the question that often comes up is cyber-physical systems themselves. Specifically, why call them CPS and not just devices or endpoints? Again, this comes back to understanding the nature of the diverse OT environment. With 30-year-old equipment still in production alongside the latest technology, a term was required to correctly capture the different parts of the operation’s systems that play a part in its overall function. These include any device, sensor, controller, endpoint, or other system from any domain that contributes to interacting with the physical world and forms a part of the CPS.
Taking note of the device diversity that makes up complex systems running the real world helps the teams define a holistic plan for defense. Tying this to the strategy sets the stage for an effective approach to improving security maturity and operational availability.
Meet the operation’s requirements by breaking the status quo.
The OT domain is complex and diverse, posing some of the most exciting challenges security has seen in the last decade. If security teams view this new frontier in that light, they will see opportunities to extend their expertise and provide a meaningful change to the business.
Embrace OT for the exciting challenge it is and build a strong relationship with the operation teams. The rewards are more than worth it.
Contact TXOne Networks to learn more about CPSDR and how an OT security specialist can support your operation.
By Dan Cartmill, Global Product Marketing Director, TXOne Networks