
PodChats for FutureCIO: Weaponization of Operational Technology

by Allan Tan
August 10, 2021

Operational Technology (OT) is the hardware and software that keeps things such as factories, power plants and facility equipment running. It monitors and manages industrial process assets and manufacturing/industrial equipment.

Gartner predicts that by 2025, cyber attackers will have weaponized OT environments to successfully harm or kill humans. It also predicts that the financial impact of attacks using OT resulting in fatal casualties will reach over $50 billion by 2023.

While we do not discount that the threat to OT is real, there remain on-the-ground issues that prevent these threats from being resolved instantly.

For one thing, while it is easy to assign overall security to the CIO or CISO, Richard Farrell, Eaton’s Asia-Pacific Director – Cloud and Data Centre Segment, questioned whether IT staff have the understanding and experience to do so.

Prevailing misconceptions around securing OT

He pointed out that OT is not limited to devices like servers, switches and storage. It encompasses lighting, air conditioning, backup power systems, and more.

He acknowledged ongoing misconceptions, including that cybersecurity is an IT team’s problem.

“IT people are not electrical engineers or mechanical engineers. They would have issues trying to administer anything on a backup power supply or chiller, not to mention the safety issues that come around that as well.”

“You have to remember that a lot of these devices run on mains power. Some of these switchboards in buildings and data centres run on up to 100,000 volts. It's not like replacing the power supply of a server by popping the server out. You can't do that with operational technology,” he emphasized.

He also pointed to the misconception that cybersecurity breaches do not affect operational technology. While he conceded that data may be the target of attacks, he cited the Colonial Pipeline as a clear example of operational technology crippled as part of the process.

OT protection

According to Farrell, the starting point is discovering or knowing what OT assets are connected to the internet or the network.

“Whether these are IT or OT is irrelevant. It is about making sure that you are aware of what devices are on the network. Only then can you enact security policies to protect these devices,” he explained.

He also suggested giving importance to the use of social engineering as a means of attacking the organisation, and incorporating it into the security and security compliance components of the employee onboarding programme.

See cybersecurity as a holistic service – a lifecycle service. This involves having a continuous programme of audit and assessment of the network, devices and upgrades of facilities. Have the latest software upgrades and always update security patches.

Who is involved in OT security?

For Farrell, OT should not be isolated from the rest of the organisation. He cited the example of personnel, including facilities managers and engineers, that operate and maintain the integrity of the data centre.

“We see a breakdown in communication between OT and IT, say between the IT manager and a facilities manager inside the data centre. To be effective against threats requires both OT and IT to work together,” he insisted.

Farrell believed that the best way for this to happen is to have a mandate from the top.

Where to start?

Don’t look at cybersecurity in isolation. “Start with your current infrastructure partners. Make sure they understand your operational technology set up and have people capable of helping to develop a cybersecurity programme that includes OT. These services could be electrical, mechanical, or other engineering services,” elaborated Farrell.

Cybersecurity Ventures predicted that, globally, businesses in 2021 will fall victim to a ransomware attack every 11 seconds, down from every 14 seconds in 2019. Cybersecurity researchers estimate at least 31.5 million ransomware attacks will occur in 2021.

Farrell warned that cyberattacks do not have to be as big as that against the Colonial Pipeline. He cited the example of the attack on Singtel in January 2021 when 129,000 customer records were stolen off the Accellion file transfer appliance the company used.

How to manage OT security

Farrell acknowledged the difficulty of generalizing the response to the question of who should manage OT security. Every organisation, even within the same industry, is different.  

He suggested that a potential starting point would involve making sure that endpoint devices are secured using tools like firewalls, authentication software, intrusion detection, and the like.

While larger organizations like financial institutions and governments may have cybersecurity programmes in place, the risk is that OT is not included. “Or even if OT is included, they would not have that holistic view,” he warned.

“Start with an audit: know what’s on your network. Review your cybersecurity programme and what’s not included. Finally, if you don’t believe you have the capability, expertise or time to do that, there are a lot of organisations that can do that for you,” he added.

Three questions for the CIO-CISO

What 3 questions should those leaders involved or tasked with OT cybersecurity be asking when they're trying to decide what solution they should be looking into?

Farrell chided that likely 300 questions should be asked. He also cautioned about the psychology of wanting to be the smartest person in the room.

“I think we all love to overcomplicate it. As technologists, we all like to sound super smart and try to sound like the smartest person in the room. With cybersecurity, it's very easy to go down that rabbit hole of talking the very clever stuff, particularly when you start talking about UL certifications, IC certifications and everything which are essential as well.” Richard Farrell

He suggested first taking a holistic approach and not treating OT in isolation from the rest of the organisation. “Second, partner up with somebody who understands your complete business in the complete facility. Third, ask for help,” he concluded.

Click on the podchat player and hear Farrell share his opinion on the viability of weaponizing operational technology.

  1. Is the prediction by Gartner of the weaponization of OT real or is someone just watching too many ‘Die Hard’ movies?
  2. What are some common OT cybersecurity misconceptions?
  3. OT encompasses more than just what is inside the data centre, how should businesses improve the security of facilities, including factories, warehouses, shops and malls, utilities, offices, and hospitals?
  4. Who should be involved in the OT security programme?
  5. Where does one begin their OT cybersecurity programme?
  6. What security management actions should be included in the programme?
  7. How should an OT security programme be managed?
  8. What 3 questions should a CISO/CIO ask when choosing an OT cybersecurity solution?

Allan Tan

Allan is Group Editor-in-Chief for CXOCIETY writing for FutureIoT, FutureCIO and FutureCFO. He supports content marketing engagements for CXOCIETY clients, as well as moderates senior-level discussions and speaks at events.

Previous roles: He served as Group Editor-in-Chief for Questex Asia concurrent to the Regional Content and Strategy Director role. He was the Director of Technology Practice at Hill+Knowlton in Hong Kong and Director of Client Services at EBA Communications. He also served as Marketing Director for Asia at Hitachi Data Systems and served as Country Sales Manager for HDS’ Philippines. Other sales roles include Encore Computer and First International Computer. He was a Senior Industry Analyst at Dataquest (Gartner Group) covering IT Professional Services for Asia-Pacific. He moved to Hong Kong as a Network Specialist and later MIS Manager at Imagineering/Tech Pacific. He holds a Bachelor of Science in Electronics and Communications Engineering degree and is a certified PICK programmer.

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl