New vulnerabilities will emerge. The rapid expansion of the attack surface due to IT/OT convergence has attracted cyber adversaries to the energy and utilities sector. Complicating matters further, OT environments are especially difficult to defend against cyberattacks due to the vulnerability and fragility of systems in place, and the common use of implicit trust models.
These trusted systems can extend from upstream (exploration) to midstream (transportation and storage) to downstream (refining and distribution) OT infrastructures. The risks to utility networks range from regulated power generation to transmission to retail electricity distribution.
Clearly, a new OT security strategy is needed. Zero trust, segmentation, purpose-built solutions and a clear understanding of the scope of the challenge are the building blocks your organization needs to proactively outmaneuver cybersecurity adversaries and to ultimately sustain a proactive defense for highly valued OT system assets.
About the author: Rick Peters has three decades of cybersecurity experience working across foreign, domestic, and commercial industry sectors at the National Security Agency (NSA). Fortinet, Sunnyvale, Calif., delivers integration security solutions for global enterprise, mid-size, and small businesses.