Across the international landscape, the pressing need for cybersecurity in operational technology (OT) and industrial control systems (ICS) is catalysing the emergence of various communities, associations, and alliances dedicated to fostering information sharing and enhancing awareness of cyber threats. The growing concerns surrounding cyber risks have prompted these industry coalitions to promote active participation among cybersecurity professionals through collaboration, skills exchange, and the development of competencies.
One key initiative in this realm is spearheaded by the International Society of Automation (ISA), which has established the ISA Global Cybersecurity Alliance (ISAGCA). This platform aims to elevate awareness, education, preparedness, standardisation, and knowledge sharing in OT cybersecurity. With over 50 member companies generating more than US$1.5 trillion in revenues and maintaining over 2,400 locations worldwide, ISAGCA functions as a crucial response to escalating cybersecurity threats that endanger facilities, processes, and community welfare.
ISAGCA is a strong advocate for the adoption of the ISA/IEC 62443 industrial cybersecurity standards, which are internationally acknowledged as leading consensus standards for OT cybersecurity. The alliance collaborates with a variety of stakeholders to ensure these standards are incorporated into laws, regulations, and diverse sector policies.
In the United States, the Cybersecurity and Infrastructure Security Agency (CISA) is focused on the development of 'Connected Communities'—networks integrating cutting-edge technologies to enhance efficiency and sustainability. CISA perceives these initiatives as substantial opportunities for local governments to leverage technological innovation for improving public services. However, the growing dependency on integrated IT and OT systems raises alarms about potential service disruptions and cascading impacts affecting critical infrastructure operations across the nation.
The agency warns that vulnerabilities within interconnected smart technologies could jeopardise the operations of state, local, tribal, and territorial (SLTT) stakeholders, threatening both critical infrastructure operations and the security of sensitive government and personal data. CISA remains committed to partnering with governmental bodies, the private sector, and international partners to formulate comprehensive risk mitigation strategies aimed at smart, connected technologies.
In regions such as Cyprus, a robust Cybersecurity Community is forming that encompasses stakeholders from various sectors—including private, public, academic, and research entities. This body seeks to integrate diverse knowledge systems, encourage participation in research and training projects, and disseminate valuable cybersecurity competencies among its members. Such community-driven initiatives are pivotal in identifying cybersecurity challenges that inform the development of national and European roadmaps for cybersecurity advancements.
Another notable community within this sector is the OT Security Professionals, which collaborates with partners like the Cloud Security Alliance Bangalore Chapter and Security BSides Ahmedabad to enhance OT cybersecurity knowledge and foster professional connections. This community has focused on creating extensive networks that thrive on collaboration, education, and innovation to secure critical infrastructure.
Engagement in continuous learning and adaptive practices constitutes the backbone of community initiatives, facilitating participation in workshops, seminars, and certification programmes aimed at enhancing professional skills. Additionally, members are actively involved in initiatives like mentorship programmes, hackathons, and industry conferences that provide essential platforms for collaboration on real-world cybersecurity challenges.
Looking to the future, these communities are progressively orienting their activities towards reinforcing cybersecurity sustainability and resilience, in alignment with rapid technological advancements. They are working to ensure readiness against potential future disruptions within OT/ICS landscapes while constantly assessing existing strategies to enhance their effectiveness.
Puneet Tambi, a senior OT cybersecurity architect at Baker Hughes, recounts the genesis of the OT Security Professionals community, stating it was established in December 2020, sparked by personal networks on LinkedIn and WhatsApp. He identified early challenges as the need to raise awareness of OT security’s critical importance and the drive to foster meaningful collaboration among diverse professionals. Through dedication, shared content, and a focus on quality, these challenges were addressed effectively.
Tambi also shared that the community gained significant momentum following the launch of the OTSecurityProTechTalk event in February 2023, which not only underscored the significance of OT security but also united a dedicated team of contributors committed to advancing the community’s goals.
Echoing similar sentiments, Shiv Kataria, senior key expert for R&D at Siemens India, highlighted the establishment of the OT Security Huddle, born out of his passion for sharing knowledge and mentoring aspiring professionals. The Huddle has adapted to reach a diverse audience, utilising online platforms to facilitate discussions across topics in OT security.
John Kingsley, a senior R&D OT cybersecurity engineer at Hitachi Energy, noted that the community evolved organically since its inception in 2018, becoming a focal point for discussions and networking within the OT security domain.
The OT Security Professionals’ initiatives include empowering professionals through expert-led discussions, mentorship opportunities, and sharing of actionable intelligence on trends and developments in OT security. Members engage in interactive discussions, webinars, and the creation of a supportive network, significantly enriching the professional landscape and establishing a strong foundation for ongoing community growth.
Plans for the future include enhancing the global reach of these communities while exploring new collaborative opportunities, particularly as organisational needs surrounding security challenges evolve. Each member within the various initiatives expresses a commitment to providing a safe environment conducive to knowledge sharing and networking, enhancing overall resilience against emerging cybersecurity threats.
Overall, these dynamic associations reflect an evolving commitment within the OT cybersecurity sphere to prioritize training, mentorship, and collaborative knowledge sharing, laying the groundwork for a more secure future in critical infrastructure management across the globe.
Source: Noah Wire Services