The focus and spending on information technology (IT) systems by business organisations in India needs to be complemented with similar efforts in operational technology (OT) and consumer technology (CT) systems to combat myriad cyber attacks.
Currently, such initiatives are not taking place, thereby leading to a rise in attacks by cyber criminals.
OT and CT systems have long been used in industrial and end-user products to monitor and control physical processes. Traditionally, these technologies have been air-gaped, in that they are segregated from the IT network. However, OT and CT systems are becoming increasingly interconnected and integrated with other IT systems.
Economic challenges, resource constraints, business requirements and technology standardization have made it impractical to continue completely segregating OT and CT networks from IT networks it is seen.
With an increase in the usage of information and OT and CT in critical infrastructure, overall effectiveness has increased. However, these elements have also become the target of choice for attackers since they recognize the impact of disrupting the routine way of life.
Thus, considering that organisations today are more reliant on OT and CT networks to control their operations and infrastructure, they should build a forward-looking cyber security programme that is based on the right balance of technologies, processes and people skills—all supplemented with an ample measure of innovation.
With these components in place, organisations are likely to be better prepared for the future of cyber security.
By identifying cyber security flaws and issues, decision makers will be better placed to implement appropriate security controls, design additional secure architectures, monitor targeted attacks and maintain effective cyber resilience for their IT, OT and CT networks.
Certain cyber security gaps in OT and CT systems amid organisations in India – lack of accountability about ownership to secure OT and CT infrastructure; poor maintenance of basic security hygiene (missing security updates, poor password practices, insecure encryption and authentication, lack of segregation within networks); limited understanding of security risks and vulnerabilities amid stakeholders; poor monitoring for security purposes; missing security plans thereby increasing potential impact of incident.
Maintaining a secure and resilient OT and CT environment requires a comprehensive strategy that covers security governance and process, implementation of the right technology and employing people with the right skills.
A national strategy to secure critical infrastructures requires collaborative efforts through timely information sharing across critical sectors. Timely information on events and incidents to critical infrastructure stakeholders, for potential cross-sectoral impacts, would help in appropriate response mechanism. National-level cross-sector forums could be established to institutionalize the cooperation between various critical sectors
Besides, a clear understanding of cyber risks and adequate cooperation between relevant business, IT, OT and CT teams are also required.
There is also a need for setting up sector-specific nodal body for designing plan, advisories and guidelines to manage and govern overall cyber security aspect for the sector and enhance public-private partnerships.
An emergency warning network regarding cyber vulnerabilities, threats and incidents is crucial to proactively analyse and respond to damage or attacks on such infrastructures.
With regard to security incidents in critical infrastructure, organised efforts are required to reduce the potential cascading impact and response time it is recommended.
Incident response for critical infrastructures requires a partnership between public and private organisations to perform analysis, issue early warnings and coordinate response efforts.
No comments:
Post a Comment