The Successful Protection Of Critical Infrastructure Cyberspace

Risk factors, such as an increased threat landscape, geopolitical instability, and most importantly, the global shortage in OT cybersecurity skills have turned today into the most dangerous period for industrial companies. Unfortunately, very little has been written on how to break the barrier and enter into the cyber defense world of OT systems and industrial control systems.

Over 10 years ago, when I first began my journey in the world of securing critical infrastructure, I had over a decade of experience in information security and cyber expertise with IT systems communications and infrastructure. Despite this, no one prepared me for the interesting and intriguing encounter with the world of critical infrastructure. While I was certain that my significant experience in cybersecurity would ease my way into the world of cyber protection for critical infrastructures, a big surprise was awaiting me.

“You need a workforce trained on the appropriate technology” Patrick Miller, an expert in IT/OT

Despite the similarities between IT and OT environments, “it’s all T”.
There are a few main differences in how both environments are protected. Specifically, there is importance in making sure that employees have the required knowledge and tools to implement the protection measures. In the words of Patrick Miller, an expert in IT/OT, “you need a workforce trained on the appropriate technology”.

There is a particularly significant difference between the protection of IT Systems, OTs and Industrial Control Systems (ICS):

While cyber defense workers are familiar with and experienced in the processes and technologies for protecting the traditional computing environment (IT), the knowledge and ability to realize the same concept and level of protection for the operating environment (OT) is limited. This limitation is due, in part, to the following challenges:

In IT data protection, information is guarded. Any damage inflicted on the information may lead to loss of trade secrets and/or sensitive data and impairment of data availability/data integrity.

In OT Systems, the protection of the confidentiality of the information and sensitive data is second to that of the operational process, namely, the “safety aspects and business operational implications related to the production line process”, which can be impacted by a cyberattack.

It is therefore evident that in OT systems, the main priority is the organization’s ability to continue producing.

Continue to part 2 of this article on “People, Processes & Technology” >

Part 2 – People, processes & technology