If cybersecurity were an automobile, a key performance indicator would be miles per cyberattack (i.e., miles before the next cyberattack), with infinity as the desired value!
The cybersecurity challenge for information technology (IT) stakeholders is enforcement of digital security across all managed assets (computers and network elements) to prevent malware infections and consequences thereof. In contrast, what is the cybersecurity challenge for operational technology (OT) stakeholders?
The weaponization of cryptography by ransomware, and supply chain exploits used by nation-state actors and cybercrime syndicates to deliver malware, have clearly drawn the battle lines for both IT and OT stakeholders in the years ahead. The onus is squarely on product security architects, chief technology officers and data officers to meet the challenge.
For value creation in OT environments, the solution must amplify operational integrity and safety of connected devices in industrial manufacturing and control systems and provide explicit protection controls against cyberattacks. The mindset in IT is to expeditiously apply security patches and plug gaps based on vulnerability assessments and published threats.
The motivation in OT is to ensure a high degree of trustworthiness and availability in operational equipment linked to business revenues. Remediation activities in OT ecosystems (to recover assets and restore normalcy after a cyberattack) disrupt production systems and result in lost revenues. Therefore, operators must protect OT assets to lower cyber insurance premiums and costly payouts, via:
The benefits of infrastructure hardening and modernization (i.e., digital transformation) must include the following incentives for collaboration with original equipment manufacturers (OEMs):
The solution architecture for product security architects and field operators must achieve the following objectives for unified IT-OT workflows and return on investment:
The economics of modernization programs will require forecasting the total cost of operation (TCO), reducing expenses with operational efficiencies, ensuring that the appropriate grade of protection is available to devices, and building resilience to prevent service outages that may be triggered by sophisticated cyberattacks. The choice of deployment model will vary based on the forecast TCO (namely, a cloud SaaS, an enterprise-managed on-premises, or a security-service-provider-managed on-premises solution) and will require:
Unlike multi-layer detection controls, protection is a holistic trust solution that requires a chain of trust from the first mile to the last mile:
Trust is transitive and protection requires explicit and verifiable trust — with integrated digital security and device protection.