Securing OT has been a challenge for IT departments for many years. The problem is that many of the systems currently in use have been designed and installed without consultation with IT departments. As a result, it is not unusual to find OT systems that have been in place for 10, 15, 20 years or more. Securing such systems is a nightmare for many organisations, so where do you start?
Enterprise Times talked with Paul Baird, Chief Technology Officer in the UK for Qualys. ET asked Baird where should security teams start when it comes to getting control of OT. Baird says there are three things that companies need to do.
“Visibility first and foremost. The environment needs to be mapped out. It can’t be a clipboard exercise. It needs to be automated.
- “The OT and the IT engineers need to start working closely together. If you don’t start to form working groups, then there is just going to be combatants. OT is going to see IT as a blocker, so you need to work together collaboratively.
- “Bring in vendors to understand the environment. A lot of these OT engineers might know how these systems work but may not understand the nuances of getting them patched, getting them up to date.”
Can we fix existing OT systems? Baird commented: “I don’t think traditional OT can be repaired. We’re at a situation where there’s very little can be done with OT apart from wrapping technologies around it to be able to detect and potentially respond to those threats but the devices themselves are too past it.”
To find out how Baird thinks we should deal with OT, listen to the podcast.
Where can I get it?
You can listen to the podcast by clicking on the player below. Alternatively, click on any of the podcast services below and go to the Enterprise Times podcast page.