Operational Technology Cyber Security Alliance (OTCSA) Launches

OTCSA to Deliver Comprehensive Cyber Security Guidelines for Operational Technology

17,239

A new global alliance focused on cyber security launched today. The Operational Technology Cyber Security Alliance (OTCSA) has been established to help companies address the OT security challenges that continue to put operations, and consequently, business at risk.

Cyber-attacks on critical and industrial infrastructure are on the rise, impacting operational reliability and business risk across all industries, including utilities, manufacturing and oil & gas. Threats to operational technology (OT) – the hardware and software dedicated to monitoring and controlling physical devices such as valves, pumps, etc. – can disrupt operations, negatively impact productivity, cause ecological damage and compromise human safety.

Smart sensors, robots, motors, electrical-power frequency converters, and other connected devices throughout modern OT environments are generating immense quantities of data. Analysis of data is delivering immeasurable benefits by enabling the highly flexible, optimised operation of factories, process plants, and other facilities.

At the same time, data is being utilised in ways that have blurred the boundaries between OT and IT (e.g., routing data from a factory’s network edge to the cloud). As the historical isolation, or “air gap,” that previously protected OT disappears, the increased convergence of IT and OT networks—along with the adoption of IT technologies into process control and automation systems—is making OT increasingly vulnerable to cyber attacks.

The upshot is that, more and more, hackers are selecting industrial targets, including ICS used by power plants and factories. The resulting disruption affects not only businesses and their customers but also daily life in a society that is dependent on the uninterrupted functioning of infrastructure and the modern, global supply chain.

operational technology cyber security alliance - OTCSA - Operational Technology Cyber Security Alliance (OTCSA) Launches

The current OTCSA membership consists of a dozen organisations, with a mix of device manufacturers, technology companies, consulting firms, and operators of industrial production environments. Current members of the OTCSA are: ABB, BlackBerry Cylance, Check Point Software Technologies, Forescout Technologies, Fortinet, Microsoft, Mocana, NCC Group, Qualys, SCADAfence, Splunk Technology, and Wärtsilä.

Eric Cornelius, CTO, BlackBerry Cylance commented,

“BlackBerry Cylance is honoured to join this multidisciplinary alliance with the mission to rethink the way we secure the world’s most critical systems. The OTCSA will provide important leadership and guidance for organisations working hard to protect their operational technology from sophisticated threats.”

The OTCSA mission is five-fold:

  • Strengthen cyber-physical risk posture of OT environments and interfaces for OT/IT interconnectivity
  • Guide OT operators on how to protect their OT infrastructure based on a risk management process and reference architectures/designs which are demonstrably compliant with regulations and international standards, such as IEC 62443, NERC CIP and NIST 800-53
  • Guide OT suppliers on secure OT system architectures, relevant interfaces and security functionalities
  • Support the procurement, development, installation, operation, maintenance and implementation of a safer, more secure critical infrastructure
  • Accelerate the time to adopt safer, more secure critical infrastructures

Until now, there has been no industry group focused on improving cyber risk posture by providing tangible architectural, implementation and process guidelines to OT operators so that they can navigate necessary changes, upgrades and integrations to evolving industry standards and regulations.

The purview of the guidelines will extend across the entire operational lifecycle. They will cover the OT spectrum, including ICS equipment, software, and networks, as well as IT equipment and networks used in or providing functionality to OT systems.

They will apply to both brown- and green-field installations and a wide variety of use cases in discrete manufacturing and process industries and utilities, among others. They’ll also address important but often-underemphasized domains, such as building management and facility access systems, control rooms, and medical equipment.

The OTCSA’s guidelines will align with existing industry-standard reference architectures, process frameworks, and protocols to ensure interoperability. They will also be crafted to take into account the key criteria of reliability, manageability, resiliency, and auditability.

In addition to providing valuable assistance to technical professionals on the front lines, OTCSA guidance will be presented clearly and concisely so that non-technical executives can use it to make better informed, management-level decisions.

Note as well that guidance and guidelines will be part of an ongoing effort, which will result in regular updates to ensure that the latest knowledge and best practices are incorporated as new and emerging areas are addressed.

OTCSA promotes collaboration amongst leading IT and OT companies, thought leaders in the cyber security community and vendors and OT operators from a variety of industries. Membership is open to any company that operates critical infrastructure or general OT systems to run its business (OT operators) as well as companies providing IT and OT solutions (solution providers).

Rapid Mobile uses cookies, tokens, and other third party scripts to recognise visitors of our sites and services, remember your settings and privacy choices, and - depending on your settings and privacy choices - enable us and some key partners to collect information about you so that we can improve our services and deliver relevant ads.

 

By continuing to use our site or clicking Agree, you agree that Rapid Mobile and our key partners may collect data and use cookies for personalised ads and other purposes, as described more fully in our privacy policy.

 

You can change your settings at any time by clicking Manage Settings or by visiting our Privacy Centre for more detailed information.

 

Privacy Settings saved!
Cookie Services

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

These cookies are necessary for the website to function and enable essential services and functonality, including identify verification, service continuity and site security. Opt out is not availabe.

Essential Session management cookies for logged in users
  • wordpress_test_cookie
  • wordpress_logged_in_
  • wordpress_sec

For perfomance reasons we use Cloudflare as a CDN network. This saves a cookie "__cfduid" to apply security settings on a per-client basis. This cookie is strictly necessary for Cloudflare's security features and cannot be turned off.
  • __cfduid

Used by Spamshield to stop spam signups
  • _wpss_h_
  • _wpss_p_

NewsWire Service
  • BIGipServerwidget2_www_http

Decline all Services
Accept all Services