OT systems are ubiquitous across all critical infrastructure industries, such as Oil and Gas, Automotive, Energy, Water Utilities, and Transportation.
OT infrastructure is very vital to any nation's security to ensure the delivery of essential services to its citizens.
Given the absolute criticality of this domain, OT cybersecurity is getting the highest priority from all nations, such as the creation of the National Cybersecurity Strategy in the US and the EU Cybersecurity Act.
In this article, a leading OT Cybersecurity expert from the US, Krishna Tata shares his learnings on the need for building comprehensive OT cybersecurity programs specifically for the automotive industry.
Krishna is a highly regarded OT cybersecurity expert who has built several cybersecurity products for the IBM security products portfolio, including award-winning ones such as IBM QRADAR SIEM and SOAR and has built their OT security practice, which is one of the largest teams of OT security professionals in the world.
Krishna has been engaged in cutting-edge OT cybersecurity product development and research at IBM and has been helping critical infrastructure clients since 2015 in addressing critical security issues.
In this article, we tap into his expertise to discuss the importance of identifying and assessing risks, implementing security controls, and continually monitoring in the context of the automotive industry.
The automotive industry is a term loosely applied to organizations that are engaged in the design, development, manufacturing, servicing, and repair of automobiles.
The industry is generally at the forefront of innovations in automation and leverages newer technologies, such as IoT sensors and robots, in their manufacturing.
The automotive industry, at its core, is a subset of manufacturing industries, albeit very advanced and complex in its operations.
Both go hand-in-hand, and without robust security controls at the plant level for OT equipment, cars on road running complex systems and software can never truly be secure.
It's important to have visibility of any legacy systems and end-of-life systems and how they might interface with new OT technologies.
OT cybersecurity teams: These teams should have an intimate knowledge of the OT environment and architecture in order to properly assess risks, develop controls, and support incident response.
This can either be a dedicated OT security team or security staff that works within an industrial automation group or control systems group.
IT security teams: While IT may not have as much overall visibility into OT assets as OT/controls staff or cybersecurity teams, they still need to be involved in policies/procedures, system updates/patches, access controls, etc.
OT systems at plants have been traditionally air-gapped from the rest of the company's networks and also the internet.
Automotive organizations can learn from the experiences of others when it comes to building their own OT security programs.
With the newer push to Electric Vehicles, sophisticated OT manufacturing processes, more connected protocols such as Bluetooth NFC, and an increasing number of AI digital assistants in cars, the threat vectors will only grow.
OT manufacturing in automotive will increasingly use Robots to do a lot of activities from vendors such as Fanuc and Motoman.
Coming from one of the foremost experts in OT cybersecurity, these are prescient words that will need to be kept under close consideration for a safer and more secure world of automotive manufacturing and OT cybersecurity.
This Cyber News was published on feeds.dzone.com. Publication date: Thu, 14 Dec 2023 14:13:05 +0000