66f6d8d09dd3b41bc87fc00f Shutterstock 1757477330
  1. Blogs
  2. Unfettered Blog

Sam Houston State University paper: “Who’s in charge of OT security”

Sept. 27, 2024
CISOs have been given the additional responsibility for cyber securing OT assets without a firm understanding of the technical constraints of OT systems

The Institute for Homeland Security at Sam Houston State University just published my paper – “Who’s in charge of OT security.”

CISOs have traditionally been responsible for cyber security of enterprise IT networks excluding the control system (operational) assets which were under the purview of the engineering organizations. After the 2006 Gartner Research paper that coined the term “operational technology (OT)”, the CISOs have been given the additional responsibility for cyber securing OT assets without a firm understanding of the technical constraints of OT systems.

Get your subscription to Control's tri-weekly newsletter.

Unfortunately, that change frequently has resulted in OT systems being operationally impacted by employing network cyber security technologies and testing that worked for IT but not OT inadvertently impacting control system reliability. In many cases, CISOs or their organizations have excluded engineering organizations from participating in OT cyber security which has caused further organizational chasms between the engineering and network security organizations.

Therefore, I posit that CISOs as advocates for enterprise security be engaged with the CISO. However, there also needs to be engineering advocates for the reliable, safe, and secure operation of the control systems. The paper and my presentations provide justification for those responsible for security and facility operations also be engaged in IT, OT and control systems discussions with the CISO and the C-Suite. 

Consequently, the purpose of the paper is to address the question of which team in the organization should oversee OT cyber security to maximize security effectiveness and minimize potential inadvertent operational impacts of OT systems.

Separately, on Sept. 24, 2024, Paul Venneman from Blue Ridge Networks and I gave a presentation at HouSecCon on “OT cyber security: the cure is worse than the disease” because inappropriate network security technologies and testing have directly contributed to control system cyber-related incidents. I will have more to say about the HouSecCon session in another blog.

Continue Reading

Sponsored Recommendations

Make Effortless HMI and PLC Modifications from Anywhere

The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...

The Benefits of Using American-Made Automation Products

Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...

50 Years of Automation Innovation and What to Expect Next

Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...

Why should American-Made Products be a top priority?

Within this white paper, Shalabh “Shalli” Kumar, founder of AVG Advanced Technologies, stresses the importance of prioritizing American-made products to safeguard the country'...

Latest from Unfettered Blog

shutterstock_2328031585
shutterstock_2488728911
shutterstock_2470607933

Most Read

Sponsored