search.noResults

search.searching

saml.title
dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
Page 10


www.us-tech.com


TechWaTch The Rise of OT Cybersecurity Threats By Laurent Duperval U


ntil recently, cyberattacks focused primarily on elec- tronic data such as login


credentials, credit card informa- tion, and other types of both per- sonal and business information. According to a report from IBM, such a breach could cost an organ- ization an average of about $9.44 million. Not to mention the bad publicity a brand may suffer. Yet, the cost of those IT breaches can pale in comparison to the devas- tation to both property and people that an operational technology (OT) breach could unleash. In fact, Gartner predicts by


2025 cyber attackers will have weaponized operational technol- ogy environments to successfully harm or kill humans. The re- ports estimate the financial im- pact of Cyber-Physical Systems (CPS) attacks resulting in fatal casualties will soon reach over $50 billion USD. While IT cybersecurity —


which protects servers, laptops, phones, etc. —is fairly mature, OT cybersecurity is in relative infan- cy. OT is where technology inter- acts with the physical world and includes industrial control sys- tems (ICS) that monitor, control and automate processes such as those on a manufacturing floor or


within critical infrastructure. “For the last 15 years, we’ve


all been focusing on IT security,” says Paul Bellack, a former CIO of a $40 billion global manufac- turer with 160,000 employees. “Five years ago, few people were talking about OT cybersecurity. OT is a separate and distinct do- main of technology and a more complex cyber problem to solve. There is a lot to do to address it, and many people in charge don’t realize it.”


IT and OT Merging With today’s digitalization,


the IT and OT worlds are no longer separate. As an example, an attacker could plant a virus in the IT domain that spreads to the OT domain. This can be attributed to the


fact that just about every indus- trial or production environment, including plants, hospitals, and energy management, now have industrial control systems that connect to the physical environ- ment, making them part of an OT domain.


Furthermore, the cybersecu-


rity remediations that apply to IT, such as password manage- ment and antivirus software, are not as effective or simply do not


apply to OT. The risk profile is also dif-


ferent between the two domains. In an IT attack, a cyber breach may cause data loss. But in OT, it can force a plant to shut down and machinery can be taken over — possibly injuring or killing people. To compound the problem,


OT is typically much more decen- tralized than IT. With IT, compa- nies can set up a centralized mon- itoring system and push updates and reboots simultaneously to thousands of devices, such as phones and laptops. There is no equivalent approach for OT. Up- dating and restarting machinery can often require a complete plant shutdown and may even require advance notice and planning.


Who’s Responsible? While cyber threats are al-


ways changing, CIOs and CISOs are always working to stay one step in front of a potential IT at- tack. However, on the OT side, it’s often unclear who’s responsi- ble for securing the systems. There is a need for a sepa-


rate security program for OT that includes different tools, gov- ernance, and processes. Compa- nies can’t simply extend their IT


Programmable Oscillators from Dove’s Programming Center


Delivery in Days! Not Weeks, Months or Years!


3 oscillator types: SG-8018 CMOS • SG-8101 CMOS tight stability • SG-9101 CMOS spread spectrum Frequency Range of 0.67 MHz to 170 MHz • Tolerances as tight as +/-15ppm, Temperature Ranges as wide as -40 to +105 C • 4 package sizes available


security program to OT, as the differences between the two do- mains are too great. It may re- quire two security operation cen- ters (SOCs), which adds to the complexity and costs of cyberse- curity management. When it comes to machinery,


Steve Boals, chief revenue officer at cyberconIQ — which pioneered the use of behavioral science to measure and manage cybersecuri- ty risk in IT — says there is too much of a narrow view. It comes down to the need


for IT and OT teams to work jointly on processes, procedures and controls to address the cul- tural gaps and mitigate the over- all risk to the organization. OT also has to contend with


realities that IT doesn’t. For ex- ample, IT devices have an aver- age life span of 3 to 5 years. OT systems, however, can be 15 to 30 years old. Sometimes, the manufacturer may no longer be around to repair or upgrade a system, which will require a sep- arate approach to protect it. When an IT infrastructure


component goes down, it can of- ten be rebooted in a few minutes. However, factory machinery in OT often can take much longer to get up to speed. Faced with these dilemmas,


many organizations simply don’t even know where to begin ad- dressing the OT challenges. For- tunately, the cybersecurity indus- try is slowly beginning to build out the kind of roadmaps needed to tackle OT cybersecurity. As part of that, the afore-


mentioned cyberconIQ has out- lined a framework for building a culture of mindfulness for opera- tions executives, management and operations teams when ad- dressing OT cybersecurity. This comes as companies


CA CB CE CG 7.0 x 5.0 mm 5.0 x 3.2mm 3.2 X 2.5mm 2.5 X 2.0mm


are facing stricter compliance ob- ligations from the National Insti- tute of Standards and Technolo- gy (NIST) as well as pending leg- islation. As automation and digitiza-


Scan the QR Code to view our video


1-800-232-9825 • sales@doveonline.com • www.doveonline.com


tion surge, OT cybersecurity will continue to increase in complexi- ty and priority, requiring organi- zations to dedicate additional re- sources in order to protect


against potential attacks. Contact: cyberconIQ, 227 W


Market Street, Suite 103, York, PA 17401 % 717-699-7305 E-mail: info@cyberconiq.com Web: www.cyberconiq.com r


September 2023

Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68  |  Page 69  |  Page 70  |  Page 71  |  Page 72  |  Page 73  |  Page 74  |  Page 75  |  Page 76  |  Page 77  |  Page 78  |  Page 79  |  Page 80  |  Page 81  |  Page 82  |  Page 83  |  Page 84  |  Page 85  |  Page 86  |  Page 87  |  Page 88  |  Page 89  |  Page 90  |  Page 91  |  Page 92  |  Page 93  |  Page 94  |  Page 95  |  Page 96