Mapping Of IT And OT Cybersecurity Requirements

 Many companies have a role focused on IT (Information Technology) cybersecurity, typically adhering to ISO 27000 series standards and NIST guidelines. A newer trend is assigning a similar role for OT (Operational Technology) cybersecurity, which deals with Industrial Automation and Control Systems (IACS). The standard for IACS cybersecurity is the 𝐈𝐒𝐀/𝐈𝐄𝐂 𝟔𝟐𝟒𝟒𝟑.

A corporate cybersecurity program should include requirements for all phases of corporate facilities. While IT cybersecurity is managed by the IT department, the IACS security in plants should be handled by those in the IACS Cybersecurity Program.

These two cybersecurity programs should be aligned as part of an overall corporate cybersecurity strategy. With the increasing frequency and impact of cyber-attacks, especially on IACS, the need for this alignment is urgent.

𝐒𝐨𝐦𝐞 𝐢𝐧𝐭𝐞𝐫𝐞𝐬𝐭𝐢𝐧𝐠 𝐬𝐭𝐚𝐭𝐢𝐬𝐭𝐢𝐜𝐬 𝐚𝐛𝐨𝐮𝐭 𝐈𝐂𝐒/𝐎𝐓 𝐂𝐲𝐛𝐞𝐫𝐬𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐚𝐜𝐜𝐨𝐫𝐝𝐢𝐧𝐠 𝐭𝐨 𝐓𝐗𝐎𝐧𝐞 𝐍𝐞𝐭𝐰𝐨𝐫𝐤𝐬 𝐢𝐧 𝐭𝐡𝐞𝐢𝐫 𝟐𝟎𝟐𝟐 𝐫𝐞𝐩𝐨𝐫𝐭:
• 𝟓𝟕% of companies in the US reported ICS/OT security incidents.
• 𝟗𝟒% of surveyed enterprises acknowledge that IT security incidents can impact OT systems.
• 𝟒𝟖% of organizations experienced ICS/OT security incidents in 2022, but only 34% have conducted thorough security incident investigations and assessments.
• 𝟒𝟕% of companies report their process times are significantly lengthened due to cybersecurity complexities.
• 𝟑𝟔% of companies report management's apathy toward cybersecurity as a major challenge.

𝐒𝐭𝐚𝐭𝐬 𝐒𝐨𝐮𝐫𝐜𝐞: https://www.txone.com/.../insight-into-ics-ot.../

𝐈𝐦𝐚𝐠𝐞 𝐒𝐨𝐮𝐫𝐜𝐞 (𝐚𝐧𝐝 𝐦𝐨𝐫𝐞 𝐢𝐧𝐟𝐨 𝐨𝐧 𝐢𝐦𝐩𝐥𝐞𝐦𝐞𝐧𝐭𝐢𝐧𝐠 𝐢𝐧𝐝𝐮𝐬𝐭𝐫𝐢𝐚𝐥 𝐜𝐲𝐛𝐞𝐫𝐬𝐞𝐜𝐮𝐫𝐢𝐭𝐲): https://gca.isa.org/implementing-an-industrial...

*********************************************

• Follow Jeff Winter on LinkedIn at https://www.linkedin.com/in/jeffreyrwinter/ to stay current on Industry 4.0 and other cool tech trends.