Intelligent CISO Issue 45 | Page 41

EXPERT OPINION

Building a robust OT security programme

wWhy is there more attention on Operational Technology ( OT ) and ICS cybersecurity now than in times past ?

As hyperconnectivity sweeps across industries , OT cybersecurity has risen to the top of the CISO ’ s priority list . But this complex environment requires a different approach than enterprise IT . Robert M . Lee , the CEO of Dragos , tells Intelligent CISO , about the various types of attacks and threat groups , the importance of threat intelligence and why the Middle
East is an important region for the company .
For a long time , organisations have fully appreciated the need to protect critical infrastructure , and it ' s been a message carried by governments too . However , historically , companies have prioritised enterprise information technology environments . Though that was probably the right call for a long time , the reality is that OT environments are so important as the revenue-generating side of the house and the one that impacts the environment and safety , etc .
That side of the house has only ever been firewalled off , but as companies worldwide go through Digital Transformation or hyperconnectivity , we ' re starting to see those OT environments being connected in a significant way and , therefore , an increase in the threats that are actively targeting them .
Organisations have realised that we have underappreciated the risk on the business side that is important for society , so we ' re seeing a pendulum swing now where they are starting to reinvest in OT security .
How much of a risk do ICS adversaries pose to organisations , particularly in the Middle East region ?
The risk is high , but we all need to appreciate that the frequency will be higher in enterprise IT – we ' re going to see more phishing emails and exploitation
Robert M . Lee , the CEO of Dragos
of IT environments than we ' re going to see in terms of exploitation and accessing of operations environments .
However , the impact of a phishing email or the effect of compromising data in the enterprise , while meaningful , is nowhere near the same as the impact when you take down safety systems or critical systems or the ability to impact national security .
Tell us more about the different types of attacks , threat groups and what they ' re seeking to achieve ?
We see a wide variety of groups . Some have already crossed the divide and taken down infrastructure or tried to hurt people , such as the attacks in the Kingdom of Saudi Arabia ( KSA ), www . intelligentciso . com
41