A number of the world’s largest manufacturing and cybersecurity companies are getting behind a new consortium aimed at protecting industrial systems from threats.
The Operational Technology Cybersecurity Coalition (OTCSA) is targeting the end-to-end industrial flow for a wide range of manufacturers, including Coca-Cola, Honeywell, and Blackberry in addition to the expected plethora of cybersecurity companies like Fortinet, ABB, and Check Point.
The group wants to set the cybersecurity tone in areas as wide-ranging as automotive, semiconductor, energy, banking, and telcos with “membership open to any company that operates critical infrastructures or operates OT systems to run its business,” in addition to cybersecurity platform vendors.
Along with threat-sharing, the focus is to collect and share information with members and government entities with an emphasis on new regulations, including with NIST and the U.S. Commerce Department.
OTCSA is emerging during a crisis point in industrial cybersecurity with several highly-publicized incidents in the last several years, from the A.P Moller-Maersk shipping fiasco, the range of WannaCry and NotPetya ransomware incidents that hit several manufacturers, and TSMC’s WannaCry hit to fab facilities in 2018 and nearer term, fears about critical infrastructure vulnerabilities in grid, water, and other systems.
“90 percent of companies responding to a survey7 reported at least one security compromise to their infrastructure in the previous two years resulting in the loss of confidential information or disruption to operations,” OTCSA says. “Troublingly, preparedness is not growing commensurately. Some 80 percent of those same organizations say they have insufficient visibility into their assets and hence on their attack surface.”
The Zurich, Switzerland based organization points the expanding number of potential attack points. “Smart sensors, robots, motors, electrical-power frequency converters, and other connected devices throughout modern OT environments are generating immense quantities of data. Analysis of data is delivering immeasurable benefits by enabling the highly flexible, optimized operation of factories, process plants, and other facilities,” OTCSA details in its extensive of the problem.
“At the same time, data is being utilized in ways that have blurred the boundaries between OT and IT (e.g., routing data from a factory’s network edge to the cloud). As the historical isolation, or “air gap,” that previously protected OT disappears, the increased convergence of IT and OT networks—along with the adoption of IT technologies into process control and automation systems—is making OT increasingly vulnerable to cyberattacks,” they add.
The mission statement of the OTCSA sets forth a number of goals to help establish best practices. The guidelines it establishes will be publicly shared (so not kept within the confines of the organization once set forth).
“Readiness is not the only challenge; the ability to respond is, too. Some 61 percent of organizations in the Oil and Gas industry believe it’s unlikely they would be able to detect a sophisticated attack. Yet, in a separate survey, some 77 percent of companies say they are likely to become a target of a cyber security incident involving ICS,” the organization adds.