ISACA and the International Society of Automation Issue Call to Action
The convergence of information technology and operational technology is a business imperative to improve information security, according to new guidance from global IT association ISACA and the International Society of Automation (ISA).
The guide, “The Merging of Cyber Security and Operational Technology,” resulted from a joint investigation by ISACA’s Cybersecurity Nexus (CSX) and ISA to explore security issues and opportunities in industrial systems and the industrial internet. The growing number of industrial control cyber breaches has raised the priority of information security on the executive management agenda, according to the guide.
“The Merging of Cyber Security and Operational Technology” can be accessed as a free download at http://www.isaca.org/cyber-ot.
“Complexity is a major impeding factor in any attempt to establish cybersecurity capability,” said Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, ISACA Board chair and group director of information security for INTRALOT. “Taking into account the critical importance of OT and its increasing need in cybersecurity, bringing IT and OT together is a fundamental step in addressing cyber threats, as well as to increase overall performance and decrease expense.”
The guide characterises IT as “responsible for the systems that collect, transport and process data that provide information to the business,” while OT “generally comprises the systems that handle the monitoring and automation of ICS through supervisory control and data acquisition (SCADA) systems attached to distributed control systems (DCS).”
The lack of alignment between OT and IT creates a climate ripe for attacks on critical infrastructure and SCADA systems that monitor and gather data in real time to remotely control equipment and conditions. Organisations that integrate OT and IT should experience seven benefits, according to ISACA and the ISA:
- Reduced operating costs through the elimination of redundant processes and resources
- Increased control over distributed operations
- Improved security through an integrated approach for cybersecurity across both categories
- Consistent risk management across technology domains
- Improved governance and management of systems
- Improved overall plant safety (it cannot be safe if it is not secure)
- A continuous process of “assess, implement, maintain and repeat.”
Those results can be achieved if IT and OT work together as a cross-functional unit, understanding each other’s systems and the value each brings to the organisation. The guide offers criteria for full convergence, which include IT and OT systems leveraging common standards, risk and governance approaches, and operating as one business unit with common objectives. This level of coordination requires that employees from IT and OT be cross-trained and that strong change management processes be in place.
A free webinar, “IT/OT Convergence and Industrial Cybersecurity,” will take place 20 July 2016. Attendees who are members of ISACA can earn one continuing professional education (CPE) credit. To register, visit http://www.isaca.org/Education/Online-Learning/Pages/Webinar-ITOT-Convergence-and-Industrial-Cybersecurity.aspx.
ISACA (isaca.org) helps professionals around the globe realise the positive potential of technology in an evolving digital world. By offering industry-leading knowledge, standards, credentialing and education, ISACA enables professionals to apply technology in ways that instill confidence, address threats, drive innovation and create positive momentum for their organisations. Established in 1969, ISACA is a global association with more than 140,000 members and certification holders in 187 countries. ISACA is the creator of the COBIT framework, which helps organisations effectively govern and manage their information and technology. Through its Cybersecurity Nexus (CSX), ISACA helps organisations develop skilled cyber workforces and enables individuals to grow and advance their cyber careers.