itb-au logo
Story image

IT & OT convergence brings new cyber risks to industrial sector

18 Jul 2019

IT and operational technology (OT) are on a journey to convergence, but that convergence must be managed with caution in order to manage cybersecurity risks that go with it. 

The risk towards industrial organisation such as the energy sector are immense – in fact the Australian Energy Market Operator says that protecting the sector is a matter of national importance.

Forescout Asia pacific and Japan senior director of systems engineering Steve Hunter comments that cyber risks against IT and OT environments have been steadily growing. Now there is a driving force by government and industry bodies to address those risks.

The Australian Energy Sector Cyber Security Framework (AESCSF), which provides a foundation for the sector to be consistently assessed and the insight to uplift cybersecurity capabilities and strengthen cyber resilience. 

“This increasing pressure is putting new demands on CIOs and CISOs in the utilities sector now tasked with protecting this entire ecosystem,” comments Hunter.

“The reality is, however, that no organisation can be expected to understand that of which they don’t know, and a key part of addressing this knowledge gap is to have complete device visibility and control across IT and OT.”

He says that criminals often gain access to OT systems by compromising contract and third party vendors.

“Devices are installed onto the network to make workers’ jobs more efficient but the IT team either isn’t alerted to their presence or can’t see them via existing asset discovery processes. Vendors come in and do their job, then leave devices behind or leave decommissioned assets connected, creating rogue devices that aren’t managed and secured. This creates potential to take the organisation down with a single attack.” 

Forescout states that utilities can protect themselves by gaining full visibility into all the devices connected to the network, understanding what’s connected at all times and managing those connected devices to prevent unauthorised access to the network. 

“When it comes to asset discovery, utilities should carefully start with the system critical services and work in priority order to identify: what assets support the process; what hardware and software run on the assets; what network topology supports them; and what endpoints, devices, and non-network connected devices really constitute the asset in its entirety,” says Hunter.

“Utilities should put in place a framework of controls from asset discovery, hardware, and software asset management, configuration management, and vulnerability management, to building a blueprint for efficient and measurable risk reduction.” 

Story image
Verizon adds Genesys Cloud to CX and contact centre portfolio
As contact centres are relying on digital, remote-first operations, Verizon Business announced the addition of Genesys Cloud, as part of the company's global customer experience and contact centre offerings.More
Story image
Databricks launches on Google Cloud 
Under the partnership, organisations can now use Databricks to create a lakehouse capable of data engineering, data science, machine learning, and analytics on Google Cloud’s global, scalable, and elastic network. More
Story image
Worldwide revenues for AI skyrocket, set to reach $550B by 2024
By 2024, the market is expected to break the $500 billion mark with a five-year compound annual growth rate (CAGR) of 17.5% and total revenues reaching $554.3 billion.More
Link image
Getting customer identity & access management right first time
Logins, account verification, single sign-on... they are essential for securing the customer experience. Learn about the five pillars of CIAM so you make no mistakes.More
Story image
Low-code tech market to reach US$13.8 billion in 2021
Driven primarily by factors influenced by the pandemic last year, COVID-19 restrictions will continue to drive a surge in remote development in 2021, which in turn will boost low-code adoption, Gartner says.More
Story image
3 days at home, 2 days in the office? What's the ideal working scenario in the new COVID normal?
The days of physically reporting to an office every day of the workweek are not likely to resume once the COVID-19 pandemic is over. More