U.S. cybersecurity firms seek tech standards to secure critical infrastructure
A group of cybersecurity companies that specialize in securing critical infrastructure said they’ve formed a lobbying group to push for technological standards among the private sector and government.
The Operational Technology Cybersecurity Coalition said it will directly work with government to share feedback on policy proposals and adopt uniform technological standards for securing places such as pipelines and industrial facilities. Founding members include Claroty Inc, Tenable Holdings Inc, Honeywell International Inc, Nozomi Networks Inc and Forescout Technologies Inc.
Editor’s Note: What is Cybersecurity?
Cybersecurity is a subset of information security which aims to defend an organization’s cloud, networks, computers, and data from unauthorized digital access, attack, or damage by implementing various defense processes, technologies, and practices. With the countless sophisticated threat actors targeting all types of organizations, it’s critical that your IT infrastructure is secured at all times to prevent a full-scale attack on your clouds, networks, or endpoints and risk exposing your company to fines, data losses, and damage to reputation.
The new cybersecurity industry initiative comes as experts have placed increased scrutiny on what’s known as Operational Technology (OT), a broad array of computer systems that monitor and control industrial equipment.
In May, the cybersecurity firm Mandiant Inc warned that compromises against Internet-connected OT devices were on the rise.
“This work is essential to protect our country’s critical infrastructure,” said Jeff Zindel, vice president and general manager for cybersecurity at Honeywell.
Information Technology (IT) and Operational Technology (OT) are converging, bringing the promise of improved efficiency and new business models enabled by mass digital transformation and the Industrial Internet of Things (IIoT). However, along with the promise of greater connectivity comes greater risk.
As new technologies are introduced and integrated into legacy operations, OT and IT teams are being challenged from every direction. Security approaches that previously worked for one environment may not apply to the other.
That is why a coalition of industry leaders founded the Operational Technology Cyber Security Alliance (OTCSA) — to provide OT operators and suppliers with resources and guidance to mitigate their cyber risk in a fast-evolving world.
An ecosystem approach to safe and secure industrial operations:
The OTCSA is committed to enabling safe and secure operations for the entire OT spectrum. This includes securing the related interfaces to enable interconnectivity to IT while continuing to support and improve the daily life of citizens and workers in an evolving world.
The OTCSA provides OT operators and their vendor ecosystems with regular technical briefs and implementation guidelines to navigate necessary changes, upgrades and integrations. We will build and support an understanding of OT cyber security challenges and solutions from the board room to the factory floor.
The OTCSA adresses cyber security concerns across the entire range of industrial operations, including:
- Industrial control system equipment, software, and networks
- IT equipment and networks that are used in OT systems or provide functionality to OT systems
- Building management systems
- Facilities and control rooms access control systems
- CCTV systems
- Medical equipment
One thought on “U.S. cybersecurity firms seek tech standards to secure critical infrastructure”
Cyberattacks are becoming more frequent and more expensive. Tal Liani of BofA Global Research highlights trends such as digitalization, hybrid work, and the transition to public cloud which have increased the attack vector across organizations’ networks. This year, 83% of organizations have experienced multiple breaches, and the average remediation cost was $9.4mn in 1H22, a 4% y/y increase on top of the 13% seen in 2020.