Over the years I’ve had hundreds of thought-provoking conversations with utility CISOs and other industry security professionals. Heck, I was a utility CISO myself at one time, so I know the territory. In these lively discussions—which can transform into good-natured debate—familiar topics are always in order. IT-OT convergence. Infrastructure threats. Vulnerability management. Threat hunting. Leading-edge technologies.
Almost inevitably, conversations steer toward the subject of physical security, which too seems to follow a familiar path. Cyber-physical coordination. Organizational siloes. Different methods. Different lexicons. Once in a while, I like to pose a slightly provocative question such as, “Do you, as the cybersecurity leader, really know what’s most critical to your utility’s operations and what’s at most risk of disruption, degradation or destruction?” “Not entirely, to be candid,” is a frequent response.
Addressing cyber-physical risks requires visibility
And therein lies a significant, but often unrecognized problem. Few would argue against the need for cyber-physical security partnership and tailored cybersecurity protections in operational technology environments. Such measures are, obviously, two among many needed steps to stay abreast of a continually shifting and steadily advancing threat landscape.
+Info and Source: https://bit.ly/2p8CiVu