Blocking and Tackling: Improvements in Security for IT and OT

In the never-ending game of security one-upmanship between IT and OT departments, both have been gaining ground recently. (Remember: this is not now, nor has it ever been, an either/or proposition. We need both.)

What’s more, even as these departments make strides toward better security (often achieved by actually working together – gasp!), the trend seems to be toward offering them less forgiveness in the event of breaches and attacks. In a recent address to Carnegie Mellon University, Jen Easterly, Director of the United States Cybersecurity and Infrastructure Security Agency, said that she thinks it is time for security at the design and manufacturing layers to be the industry standard, and that blaming customers when they are targeted by ever-more-sophisticated attackers can’t be accepted anymore.

“By design, we’ve normalized the fact that technology products are released to market with dozens, hundreds or thousands of defects — such poor construction would be unacceptable in any critical field,” she said during the address. Furthermore, she added that we don’t expect consumers to buy a car with no seatbelts and we need to stop accepting less from our connected devices. 

With that in mind, let’s look at two recent announcements that seem to be taking these warnings to heart. 

OTORIO, a provider of operational technology (OT) cyber and digital risk management solutions, and Compugen, an information technology (IT) solution provider, recently announced a new business partnership that they said is designed to protect customers against industrial cyber threats to OT environments.

Under the agreement, Compugen will resell OTORIO’s RAM2 OT security protection monitoring platform and spOT Assessment compliance risk assessment software solution, and use the latter to offer customers technical risk assessments of their operational networks. 

“At OTORIO, we strive to bring strategic partners like Compugen into the fold to provide optimal value to customers,” said JF Gignac, EVP Sales OTORIO. “This collaboration enables us to expand our partner ecosystems and provide industrial customers with superior OT cybersecurity. We look forward to leveraging Compugen’s proven expertise and extensive customer base to introduce our solutions to the largest businesses globally.”

This team-up isn’t the only example of OT and IT playing nice for better security outcomes, of course. In fact, according to a recent release, the utilities industry in the United States is banding together with the goal of helping suppliers identify vulnerabilities in mission-critical software and then address those holes in the wall. Several investor-owned utilities announced a partnership with Fortress Information Security to launch the North America Energy Software Assurance Database (NAESAD) at the 2023 DistribuTECH Conference. NAESAD’s goal will be to provide the energy industry with a comprehensive Software Bill of Materials (SBOM) repository for every vendor.

“The challenges for utilities and their supply chain partners are significant, but there is a clear path to mitigating critical risks,” said Alex Santos, CEO of Fortress. “Industry players must collaborate – from the smallest supplier to the largest utility. The SBOM for every critical product needs to be carefully analyzed to reveal, prioritize, and eliminate the vulnerabilities that pose the greatest threat to the U.S. energy industry.”

An SBOM provides a list of proprietary and open-source software components that are needed to run critical infrastructure technologies. This list will offer actionable information to purchasers so they can make informed decisions when buying or upgrading systems to be more secure. NAESAD reportedly is following the private-public partnership blueprint developed by the Cyberspace Solarium Commission.

We’re looking forward to seeing even more examples of this kind of collaboration between IT and OT departments, especially in our mission-critical industrial sectors. The attackers and bad actors certainly aren’t failing to innovate, so let’s keep ahead of them. 

Ken Briodagh

Ken Briodagh is Executive Editor of The Frontier Hub. He loves all forms of storytelling, from IoT technology to live events to content marketing strategy that creates brand loyal fans. Ken has been leading industries and brands through story for more than a decade, creating millions in value and growth. He's also founder and Chief Storyteller at Briodagh Consulting, a poet, pretend potentate, & partial alliterist. He lives in Connecticut with his family, two cats, a turtle, and a dog.
