ABB and Microsoft set up cybersecurity alliance to tackle threats to OT systems
A new global alliance has been established by ABB and Microsoft, alongside a cross-section of industrial technologists, to tackle cybersecurity threats to operational technology (OT), as it is increasingly connected to IT systems in order to drive new analytics and automation technologies.
The new group, called the Operational Technology Cyber Security Alliance (OTCSA), will deliver ‘guidelines’ on securing OT hardware and software systems, embedded in programmable logic controllers (PLCs), used by industry to manage and control physical devices such as valves and pumps.
Members said cyber attacks on critical and industrial infrastructure are on the rise, as industrial systems are more widely connected to the internet, impacting operational reliability and risk across all industries, including utilities, manufacturing, and oil and gas.
Founding members also include Check Point Software, BlackBerry Cylance, Forescout, Fortinet, Mocana, NCC Group, Qualys, SCADAFence, Splunk, and Wärtsilä. Until now, there has been no industry group focused on improving ‘cyber risk posture’ by providing architectural, implementation, and process guidelines to OT operators.
The group said they would promote collaboration with leading IT companies.
Their stated mission is five-fold, they said: to strengthen cyber-physical OT environments and interfaces for OT/IT interconnectivity; to guide OT operators on how to protect OT infrastructure based on risk management processes and reference architectures; to guide OT suppliers on securing systems and interfaces; to support the procurement, installation, and management of critical infrastructure; and to accelerate the time to adopt secure OT infrastructure.
OTCSA membership is open to OT operators running critical infrastructure and general OT systems, as well as IT and OT solution providers.
Analyst house IDC reckons 65 per cent of manufacturing, mining, oil and gas and utility companies see cyber security as their highest priority in IT and OT governance.
Kevin Prouty, group vice president for energy and manufacturing insights at IDC, commented: “One of the driving forces behind IT and OT convergence is cyber security of operational systems, like SCADA, MES, and controllers. OT has typically been managed as individual devices, which has made it very difficult for IT to maintain its cyber security mandate. Senior executives are tasking operations executives to get their OT systems integrated into the overall enterprise cyber security governance.”
Satish Gannu, chief security officer at ABB and senior vice president for architecture and analytics at ABB Ability said: “OTCSA aims to bridge dangerous gaps in security for critical and OT infrastructure and ICS to support and improve the daily lives of citizens and workers in an evolving world. Industry collaboration to establish guidelines is required to quickly advance the posture of OT, which is already a decade behind IT when it comes to security.”