Intelligent CISO Issue 76 | Page 51

COVER story

Sithembile Songo, Group Head: Information Security, Eskom, discusses key cybersecurity challenges unique to a national grid supplier, the fundamental elements of a successful cybersecurity framework, creating a strong cybersecurity culture within an organisation and how breaking down silos between IT and OT departments is critical.

AVOIDING SECURITY OVERSIGHTS TO STRENGTHEN DEFENCES

What are the key cybersecurity challenges unique to managing a national grid supplier?
Digitalisation and connectedness of industrial environments are opening business opportunities and enhancing operational efficiency. This rapid modernisation and complexity of interconnected systems has expanded the attack surface, opening more entry points for cybercriminals and exposing organisations to cyberattacks that can counterpoise the benefits.
This surge in digitalisation has also exponentially increased the importance of cybersecurity, making it imperative to revise the cybersecurity strategy and uplift the cybersecurity posture to address the growing digital criminal activity.
National grids rely on operational technology – OT that was not designed with security in mind. These OT systems are used to monitor events, processes and devices of industrial operations. The lifecycle of OT lasts longer than that of IT systems, sometimes ranging between 15 to 20 years, compared to an average of five years IT systems life span. This can present the inability to implement controls that rely on modern technologies.
To mitigate this risk the Encapsulation Principle can be applied when an upgrade is not possible. This is where a new intermediate secure technology is introduced to interact with business applications. Thereafter, system hardening can be practised together with a tightening of usage procedures. Legacy systems should also be placed behind other layers of defence.
The necessity of increased convergence of OT with the traditional IT environment is leading to additional inherent vulnerabilities, which are doubling every year. Secure design of IT/OT convergence is therefore crucial and should include cybersecurity from the beginning and evolve through every stage.
The process of IT/OT convergence involves merging the two environments to exchange and distribute data that could enhance the value and enterprise supply chains through Digital Transformation. For instance, a benefit of this convergence within the energy sector could be for the better planning of energy delivery through smart meters where real-