by Graeme Pyper, Cyber Security, Thales Australia
In 2011, Gartner advised business leaders to prepare for the convergence, alignment and integration of Information Technology (IT) and Operational Technology (OT) environments. Technological innovations, such as Artificial Intelligence and the Internet of Things, have opened up new opportunities for businesses to improve and optimise their operations, but the increase in connected and intelligent devices has exposed a number of vulnerabilities in the utility sector’s approach to cyber security.
Despite the threats and challenges, IT and OT convergence is a critical component of any utility’s successful digital transformation and so organisations must evolve their defences to protect against increasingly sophisticated cyber criminals.
One of the key issues stems from leadership’s lack of visibility into the cyber risks that exist at various levels of an organisation.
Boards in particular lack a granular view of issues like which cyber policies are falling short, or how non-compliance is being tracked and fixed.
In addition, it is difficult for them to validate the perspective provided to them by IT managers and various other department heads.
Ultimately, this can lead to differing viewpoints on where an organisation sits against international best practice and what activities or resources are required to drive improvements.
A range of other factors can also limit the effectiveness of an organisation’s approach to cyber security, including:
- Inconsistent approaches between different departments
- Too many vendors and standalone products, increasing cost and oversight
- Failure to adapt to changes in the risk environment
- Unclear accountabilities
The implications of a weak or immature cyber security capability can be severe and include potential long-term disruption to business continuity or even charges of criminal neglect by executives and board members.
The journey to cyber maturity
Many of these challenges can be addressed in a way that allows organisations to protect and defend against threats while also supporting teams to innovate and operate with agility.
This is the pinnacle of cyber maturity and Thales, a premier provider of cyber security systems, products and services in both commercial and defence areas, has a proven approach to helping critical infrastructure organisations reach this point.
Thales has worked with over 400 critical infrastructure organisations worldwide and has witnessed the same recurring shortcomings in the sector’s approach to cyber security.
The approach starts with analysing cyber security and determining the vision, current reality and consequences of action or non-action.
Every organisation needs a vision of what good cyber security looks like. This encompasses what government mandates or structures it needs to adhere to, how adaptive it needs to be, and how it balances these and other objectives with its risk appetite.
The organisation needs to establish a realistic baseline for where it is today and determine the actions required to lift its cyber security capability and achieve its vision.
Consequence is about understanding the what-ifs and taking thoughtful, deliberate actions to mitigate risks in line with business objectives.
A clear vision of your security pathway
Wherever your organisation is on this journey, Thales can partner with you to accelerate your cyber maturity. Thales starts by helping you to define or validate your vision, working with you to identify and address the gaps between where you are today and where you want to be in the future.
Establishing your vision involves a careful assessment of your organisation’s objectives, the threat landscape and also the standards that apply to your industry or operating environment.
Thales can support you with this assessment and help you develop a vision for cyber security that supports the overarching aims of the organisation and is in line with international best practice.
This vision should include having the right systems, processes and resources in place to detect and respond to new threats, and also readily restore operations in the event of an incident.
Once you have your vision in place, Thales can help you to thoroughly assess your current reality and provide you with the data you need to make better decisions about cyber security.
This assessment may cover the following areas:
- Governance – including policies and processes to mitigate risks and ensure compliance requirements are met
- Design – including the functional aspect of policies and how they support the ongoing operation of the organisation
- Assurance – including the ongoing testing and optimisation of governance and design
- Vigilance – including processes for tracking immediate threats and continually evolving policies
Following the detailed analysis of both the vision and reality, Thales can help to define and analyse the actions required to address the gap, as well as the consequence of these actions.
Thales will identify the best people, partners and products to solve whatever unique challenges you may have, whether that’s stopping state-based actors or preventing interference with CCTV.
For more information or to set up a consultation with a Thales security expert, contact cy[email protected].