by Yair Attar
Co-Founder & CTO, OTORIO
Download the magazine overview The two sides
of the operational technology security equation
(and why it’s risky to focus on only one)


One could argue that industrial cybersecurity is suffering from the operational equivalent of dissociative identity disorder.

The first persona is on-site operational personnel with an engineering background responsible for security maintenance or system hygiene. The second persona is at the corporate level, in the CISO team or a 3rd party managed security services provider (MSSP) and comprises security analyst teams with a digital security background usually backed by third-party security architects.

Persona 1 is proactive and hands-on, whereas persona 2 is inherently reactive.

Today’s risk-intensive operational technology (OT) security demands a secure atmosphere with zero downtime. In such a scenario, personas 1 and 2 must work together closely to prevent and mitigate risk across the digital environments by adopting a proactive approach.

In today’s volatile cybersecurity climate, the only way to truly mitigate damage is to prevent it. The question is: how can personas 1 and 2 work together effectively to achieve this goal?

The risk bowtie model

The risk bowtie model is an excellent way to visualize how proactive and reactive approaches can work together to eliminate threats that can impact production.

The left side shows proactive controls and is referred to as operational security (OpSec).
OpSec focuses on proactively mitigating gaps before they become breaches. OpSec incorporates controls that include governance and policy implementation, gap and exposure identification and network architecture, to name a few.

The right side of the diagram shows reactive controls and is referred to as security operations (or SecOps).
SecOps efforts revolve around the security operations center (SOC), which focuses on day-to-day missions like monitoring systems, logging, anomaly detection, threat hunting and incident response.

What side does OT security demand?

Today, most OT security solutions in the market focus on the reactive SecOps paradigm – the right side of the diagram. These solutions detect and respond to security incidents after they happen.

Similar to contemporaneous trends in digital security, the OT solution requires adding automation and orchestration capabilities and integrating them into risk-based management routines, while enabling tighter collaboration with off-site cybersecurity teams.

Here is what companies can do to ensure this happens:

Move beyond the reactive-only vulnerability and anomaly detection approach by embracing proactive risk avoidance solutions and services

Accelerate OT/IT convergence by utilizing multi-function platforms that understand, control and orchestrate the diverse OT/IT/IIoT systems in the organization

Make sure that your security stack can dynamically adapt to changing threat vectors and risks

These steps will allow personas 1 and 2 to coexist, and effectively meet their shared goal of cost effectively creating a secure and productive production floor.

About the author

Yair Attar

CTO Otorio

Yair Attar is the Co-Founder and CTO of OTORIO from the past 4 years. As such, he is being leading safe digitalization through industrial-tailored cyber risk management, by providing managed security services for industrial control systems. His experience spans over 15 years of leading successful campaigns to defend mission-critical systems, including a decade serving as a senior officer in the Israel Defense Force (IDF) cyber command. Yair holds a bachelor’s degree in Economics and Management from The College of Management Academic Studies

About OTORIO

OTORIO delivers next-generation OT security and digital risk management solutions. The company combines top nation-state cybersecurity experts with cutting-edge digital risk management technologies to provide the highest level of protection for the manufacturing industry. Visit OTORIO at www.otorio.com

Interested in next publications?

 

Register to our newsletter and receive a notification when there are new articles.