Joe Wingo
After years in which the U.S. military has primarily focused its “zero trust” approach to cybersecurity on protecting information technology systems from attack, it is now expanding focus to include protecting operational technology (OT) systems.
The DoD is working with the Operational Technology Cybersecurity Coalition (OTCC), a diverse group of leading industrial control systems and OT cybersecurity vendors, to solicit input from the industry for recommendations on how to apply zero trust to the department’s OT systems. These include energy management systems supporting military installations and infrastructure control systems supporting DoD water treatment facilities.
Zero trust cybersecurity helps safeguard DoD networks and operations by dramatically decreasing risks, improving network visibility and implementing a strict “never trust, always verify” posture.
In a letter last year to the Senate Armed Services Committee, the OTCC executive director applauded the committee’s legislation directing the DoD to address these issues and noted the importance of private and public collaboration..
With the DoD expected to share its zero trust strategy for OT later this year, the department has an opportunity to rethink its traditional approach to protecting OT through a “build a moat” strategy, virtually separating OT systems from other infrastructure. It also needs to leverage cloud and artificial intelligence (AI) capabilities to increase protection while cutting costs. Any strategy for maximizing the defense of OT networks while managing and cutting costs requires the integration of AI and machine learning capabilities and cloud computing.
The threat to operational technologies
The OT threat isn’t new. In 2010, the highly publicized Stuxnet attack on equipment associated with the Iranian nuclear program showed how devastating these attacks can be.
No comments:
Post a Comment