OT Cybersecurity to Intensify in 2023

Workforce development, with an eye on changing manufacturing culture to recognize cybersecurity as a fundamental workplace tenet, alongside functionality, efficiency, and safety, will play a significant role in 2023 cybersecurity efforts.

Securing legacy assets and worker training lead efforts to protect the manufacturing environment.

By Claire Fallon and Carlos Mandolesi, International Society of Automation

As smart manufacturing technologies are increasingly implemented and begin to mature, new and increased cybersecurity challenges have emerged beyond device-level IT risks. Termed “operational technology” or OT cybersecurity, this field refers to the security and safety of industrial environments, and it is of critical importance when it comes to securing infrastructure and supply chains.

At the International Society of Automation (ISA), Research Triangle Park, NC (isa.org), standards development, conformity assessment, and training activities have been underway for many years to address various aspects of OT cybersecurity. There is no doubt that 2023 will put more attention on this important field, as global governments, insurers, cybersecurity professionals, and asset owners increasingly focus on mitigating their risk.

One of the biggest challenges facing the OT cybersecurity space is legacy equipment that cannot easily be integrated, particularly at the state and municipal levels, or with small- to medium-sized enterprises (SMEs). OT-specific security equipment and platforms that address this challenge are becoming increasingly prevalent in the market, but not all of these are created equal. In 2023, we expect that government stakeholders and industry asset owners will demand rigorous solutions that present the highest levels of security and interoperability and will look for compliance with recognized international standards such as ISA/IEC 62443.

In September 2022, the United States House Subcommittee on Cybersecurity, Infrastructure Protection, & Innovation held a hearing focused on securing industrial control systems. Workforce development was a major focus of that conversation, with an eye on changing the culture among engineers to recognize cybersecurity as a fundamental workplace tenet, alongside functionality, efficiency, and safety. We expect plant managers will be even more focused on OT cybersecurity training and certification programs in the year ahead.

Digitalization, enabled by the industrial internet of things (IIoT), has been increasing rapidly during the past decade, with advances in sensor technology offering ever more context about equipment, processes, and operations. But new applications and advancements could also mean greater vulnerability, which is why a risk management and mitigation strategy is a critical part of digital transformation. We expect to see the largest asset owners investing in their own security operations center (SOC) to monitor and log IT and OT events in a single location. For those SMEs that cannot make the significant investment required for a proprietary SOC, managed security service providers (MSSPs) provide this as an outsourced service. The MSSP market will continue its significant growth in the coming years as asset owners seek solutions that are reliable, affordable, and scalable.

Industrial cybersecurity is not a destination, it is a journey. Manufacturers who can best optimize their cyber-physical systems and workforce will be the winners in their market, and an increased focus on OT cybersecurity is the key to that success. EP

Claire Fallon is executive director and Carlos Mandolesi president of the International Society of Automation, a non-profit professional association founded in 1945 to create a better world through automation.