Ensuring Cyber Resiliency for OT Systems

The partnership with Dragos has resulted in increased efficiency, productivity and cybersecurity readiness. The utility is prepared to counter evolving cyber threats and plans to expand the footprint of the Dragos Platform in the future by adding sensors at prioritized sites.

Automate—with caution

In an ISAGCA blog post, titled “The Danger of Overreliance on Automation in Cybersecurity,” Zac Amos, features editor at ReHack, and frequent contributor to the ISAGCA Blog wrote: “Automation is critical in enhancing cybersecurity efforts, and speed is one of its key benefits. Most cyberthreats spread quickly, such as ransomware or worm attacks, and automated systems can detect and respond to them much faster than humans can. AI [artificial intelligence] also ensures consistency because it can do repetitive tasks with high accuracy. However, it’s easy to rely too heavily on automation to provide cybersecurity. The volume of logs, alerts, and incidents is multiplying exponentially, and automated tools can analyze vast amounts of data without getting overwhelmed. This can be a double-edged sword, though. Companies should have a healthy balance of tech and human talent when keeping systems safe.”

Amos warns that some of dangers of being overly dependent on automation in cybersecurity include a false sense of security, false positives and/or negatives, lack of context, reduction in human expertise and reliability concerns to name a few. “Believing that automated systems will catch every threat can make organizations complacent. No system is perfect, and new, unforeseen threats are always emerging,” he said.

“Automated systems can generate false positives, which can desensitize security teams if they happen frequently,” Amos said. “Conversely, false negatives, where a genuine threat goes undetected, can have severe implications.” In addition, “automated systems lack the human intuition and context needed to evaluate the risk and importance of a particular alert. A seasoned security expert can differentiate between a benign activity that looks suspicious and a genuine threat. Over-relying on automation reduces the need for human experts, which means an organization might have fewer experts who fully understand the system. This can be dangerous if things fail or are compromised.”

Reliability is always a concern when using automation to bolster cyber resilience. “Like any technology, automated systems can fail. Overreliance without redundancy can lead to exposure when these systems experience downtimes,” Amos said.

Becoming cyber resilient: awareness

When it comes to cyber resilience, the biggest difference now from three or four years ago is awareness. “Companies understand they can’t fight off all attacks and some will get in. Depending on what kind of plan they have and how they approach it, remains up to the individual company,” said Hale.

Hale said that organizations’ approach must shift from a futile quest for absolute invulnerability to a more realistic strategy of resiliency in which they can control the impacts of failures. Resilience means organizations need to identify the most critical assets and determine what they find as an acceptable return to operations. “Today, organizations are more aware and more tuned into the idea that attacks are going to happen so they better be protected and then understand—and have a plan—as to what they should be doing and what should happen if an attack makes it in and starts to create issues. This is also where quality segmentation and micro segmentation come into play… Three years ago, they were running around putting out fires and trying to ward off attacks. Today, companies have realized attacks are going to happen, so let’s figure out what are the most important areas we need to protect and then create a plan around that.

“Industry is maturing in its understanding of cybersecurity. Gone are the days of lacking broad attention for the topic when it was viewed as a technical issue rather than a strategic one,” said Tonkin. “Today, the subject of managing cyber risks to improve operational integrity and resilience is becoming much more aligned with the overall risk management of organizations. This maturation in approach reflects a deeper understanding of the interconnectedness between cybersecurity and business continuity. Organizations are now more proactive in identifying and protecting critical assets, assessing vulnerabilities and implementing comprehensive cybersecurity measures that support resilience. This includes not just technological solutions but also organizational and procedural changes to enhance the ability to withstand and recover from cyber incidents.”