CBI is proud to have been a Gold Sponsor for the InfraGard Michigan Members Alliance’s 2019 Great Lakes Conference, which took place May 20th at the Federal Reserve Bank of Chicago – Detroit branch.
InfraGard is a partnership between the FBI and the private sector, dedicated to sharing information and intelligence to prevent hostile acts against the U.S. CBI sponsored alongside several other leaders in the security space including other technology partners like CrowdStrike and Cyber Ark.
The 2019 Great Lakes Conference was well-attended, with breakout sessions at standing-room only capacity, several major clients in attendance and compelling presentations from the FBI on the cost of cyber incidents and the State of Michigan’s CSO about upcoming cyber initiatives.
Who Owns OT Security?
CBI’s SVP of Security Solutions Chris Burrows delivered a presentation defining Operational Technology (OT), who should be responsible for managing it and how it fits in with the more traditional Information Technology (IT) model.
Operational Technology is defined by Gartner as “Hardware and software that detects or causes a change through the direct monitoring and/or control of physical devices, process and events,” which is a subtle but crucial difference from the traditional use case of IT as the systems that process and distribute data.
With the growth of Operational Technology as mission-critical infrastructure in the enterprise for managing assets and devices, and a corresponding uptick in breaches and attacks, it becomes imperative to clearly define accountability for OT-related cybersecurity. While more than 50% of companies in a recent study are utilizing OT to control devices accessing the network, just under 16% are confident in the current state of their security program!
The discussion sparked a lot of dialogue with security leaders in the room from diverse industries ranging from healthcare to logging. All agreed with CBI’s assertion that IT will own security for OT.
The Rule of Three
Aligning IT and OT security is a people and culture issue first and a technical issue second. Chris Burrows concluded his presentation with solutions and next steps companies can take to secure OT along with IT, starting with the Rule of 3, a workflow designed to identify security strategy, educate key stakeholders across the organization, segment the systems within OT and IT, and response rapidly to preempt and address incidents.
To be successful, CBI recommends IT leaders frame the conversation around OT security as a proactive organizational risk issue, get peers on board to preempt cyber issues, and establish an ROI-driven approach to securing OT.
For more recommendations and best practices around OT security, contact the experts at CBI today.