OT Cybersecurity Risk Assessment
In recent years, miners and the industrial sector in general have been turning to increased automation of processes to drive productivity while reducing costs. This is taking place against a background of increased competition in an increasingly globalised economy.
Automation in this context generally involves increasing reliance on Operational Technology (OT), relative to human activities, to control processes. OT is generally understood to be a sum of hardware and software that enables real time or near real time process control.
A classic example of this is supervisory control and acquisition (SCADA) which has been at the core of process automation for decades. The number and importance of processes being automated continues to increase (autonomous mining vehicles, for example).
All OT is heavily data dependent. A common thread amongst the various forms and domains of OT has been their convergence, at various layers, with traditional IT: OT networks such as those used in SCADA are now rarely completely separable from corporate networks. Furthermore, traditional IT networking devices and protocols have significantly infiltrated traditional OT networks, the driving forces being convenience and lower costs.
But in addition to providing important benefits, this convergence of OT and IT networks presents new and evolving threats and subsequent risks. Although not completely separable, risk and risk management in OT can be very different to traditional IT, and these differences must be very well understood. OT deals with real time or near real time processes in the physical world that often involve large and complex flows of mass and energy, the improper control of which can result in catastrophic outcomes in respect to life and safety, productivity, damage etc. Therefore, OT risk assessment is a critical activity that should be carried out as part of a continuous risk management process.
An important obstacle to OT risk assessment arises from its convergence with traditional IT: few personnel exist that have substantial skills in both domains. Yet such cross-skilling is very important in minimising misunderstandings between experts in the two domains (which itself can constitute a risk). Few traditional engineers in the OT domain have substantial traditional networking knowledge, and vice versa.
Vernetzen has the expertise to bridge that gap. The Vernetzen team consists of experienced traditional engineers (e.g. chemical, mechanical) with highly regarded networking certifications, and traditional network engineers with direct exposure to and familiarity with mining operations and OT.
This rare cross-skilling allows the Vernetzen team to interface with your personnel such that your unique OT needs are understood, and risk assessments based on this understanding of more relevance and added value.
We look forward to discussing the OT risk assessment needs of your business.