itb-au logo
Story image

IT & OT convergence brings new cyber risks to industrial sector

18 Jul 2019

IT and operational technology (OT) are on a journey to convergence, but that convergence must be managed with caution in order to manage cybersecurity risks that go with it. 

The risk towards industrial organisation such as the energy sector are immense – in fact the Australian Energy Market Operator says that protecting the sector is a matter of national importance.

Forescout Asia pacific and Japan senior director of systems engineering Steve Hunter comments that cyber risks against IT and OT environments have been steadily growing. Now there is a driving force by government and industry bodies to address those risks.

The Australian Energy Sector Cyber Security Framework (AESCSF), which provides a foundation for the sector to be consistently assessed and the insight to uplift cybersecurity capabilities and strengthen cyber resilience. 

“This increasing pressure is putting new demands on CIOs and CISOs in the utilities sector now tasked with protecting this entire ecosystem,” comments Hunter.

“The reality is, however, that no organisation can be expected to understand that of which they don’t know, and a key part of addressing this knowledge gap is to have complete device visibility and control across IT and OT.”

He says that criminals often gain access to OT systems by compromising contract and third party vendors.

“Devices are installed onto the network to make workers’ jobs more efficient but the IT team either isn’t alerted to their presence or can’t see them via existing asset discovery processes. Vendors come in and do their job, then leave devices behind or leave decommissioned assets connected, creating rogue devices that aren’t managed and secured. This creates potential to take the organisation down with a single attack.” 

Forescout states that utilities can protect themselves by gaining full visibility into all the devices connected to the network, understanding what’s connected at all times and managing those connected devices to prevent unauthorised access to the network. 

“When it comes to asset discovery, utilities should carefully start with the system critical services and work in priority order to identify: what assets support the process; what hardware and software run on the assets; what network topology supports them; and what endpoints, devices, and non-network connected devices really constitute the asset in its entirety,” says Hunter.

“Utilities should put in place a framework of controls from asset discovery, hardware, and software asset management, configuration management, and vulnerability management, to building a blueprint for efficient and measurable risk reduction.” 

Story image
Security threats endanger tens of millions working from home
There are pressures to stay trading, but it is imperative to ensure that actions taken now don’t encourage security disasters in the future.More
Story image
Equinix brings Alibaba Cloud access to the US, APAC and EMEA
"We are glad to deepen our collaboration with Alibaba Cloud in new metros around the world. In today's digital economy, delivering cloud computing has become a top priority for enterprises."More
Link image
OSS Group: The local IT automation architects
OSS Group helps Kiwi businesses uncover the value of IT automation.More
Story image
Fortinet web application firewalls help secure business continuity
Cornelius Mare, Fortinet A/NZ Director, Security Solutions, provides an overview of the importance of web apps for business continuity and what it takes to secure them.More
Story image
Employers to allow staff to continue working remotely - Gartner
“As business leaders plan and execute reopening of their workplaces, they are evaluating more permanent remote working arrangements as a way to meet employee expectations and to build more resilient business operations.”More
Link image
Try 5G software to accelerate 5G device test
As a 5G device developer, you need comprehensive network emulation solutions (NES) to accelerate 5G device test and get to market faster. Keysight’s 5G network emulation software can help you streamline your device workflow across all stages — development, acceptance, manufacturing, and deployment. Try our complimentary 5G NES software today.More