Industrial cybersecurity group gathers lobbying force

Industrial giants, cybersec vendors collect under OTCSA banner


A number of the world's largest manufacturing and cybersecurity companies are getting behind a new consortium aimed at protecting industrial systems from threats.

The Operational Technology Cybersecurity Coalition (OTCSA) is targeting the end-to-end industrial flow for a wide range of manufacturers, including Coca-Cola, Honeywell, and Blackberry in addition to the expected plethora of cybersecurity companies like Fortinet, ABB, and Check Point.

The group wants to set the cybersecurity tone in areas as wide-ranging as automotive, semiconductor, energy, banking, and telcos with "membership open to any company that operates critical infrastructures or operates OT systems to run its business," in addition to cybersecurity platform vendors.

Along with threat-sharing, the focus is to collect and share information with members and government entities with an emphasis on new regulations, including with NIST and the U.S. Commerce Department.

OTCSA is emerging at a crisis point in industrial cybersecurity, following several highly publicized incidents in the last several years: the A.P. Moller-Maersk shipping fiasco, the range of WannaCry and NotPetya ransomware incidents that hit several manufacturers, and TSMC's WannaCry hit to fab facilities in 2018. Nearer term, there are fears about critical infrastructure vulnerabilities in grid, water, and other systems.

"90 percent of companies responding to a survey reported at least one security compromise to their infrastructure in the previous two years resulting in the loss of confidential information or disruption to operations," OTCSA says. "Troublingly, preparedness is not growing commensurately. Some 80 percent of those same organizations say they have insufficient visibility into their assets and hence on their attack surface."

The Zurich, Switzerland-based organization points to the expanding number of potential attack points. "Smart sensors, robots, motors, electrical-power frequency converters, and other connected devices throughout modern OT environments are generating immense quantities of data. Analysis of data is delivering immeasurable benefits by enabling the highly flexible, optimized operation of factories, process plants, and other facilities," OTCSA details in its extensive description of the problem.

"At the same time, data is being utilized in ways that have blurred the boundaries between OT and IT (e.g., routing data from a factory's network edge to the cloud). As the historical isolation, or 'air gap,' that previously protected OT disappears, the increased convergence of IT and OT networks—along with the adoption of IT technologies into process control and automation systems—is making OT increasingly vulnerable to cyberattacks," they add.

The mission statement of the OTCSA sets forth a number of goals to help establish best practices. The guidelines it establishes will be publicly shared rather than kept within the confines of the organization.

"Readiness is not the only challenge; the ability to respond is, too. Some 61 percent of organizations in the Oil and Gas industry believe it's unlikely they would be able to detect a sophisticated attack. Yet, in a separate survey, some 77 percent of companies say they are likely to become a target of a cyber security incident involving ICS," the organization adds. ®


Biting the hand that feeds IT © 1998–2022