ISACA and the International Society of Automation Issue Call to Action
Rolling Meadows, IL, USA (18 July 2016)—The convergence of information technology and operational technology is a business imperative to improve information security, according to new guidance from global IT association ISACA and the International Society of Automation (ISA).
The guide, “The Merging of Cyber Security and Operational Technology,” resulted from a joint investigation by ISACA’s Cybersecurity Nexus (CSX) and ISA to explore security issues and opportunities in industrial systems and the industrial internet. The growing number of industrial control cyber breaches has raised the prominence of information security on the executive management agenda, according to the guide.
“The Merging of Cyber Security and Operational Technology” can be accessed as a free download at http://www.isaca.org/cyber-ot.
“Complexity is a major impeding factor in any attempt to establish cybersecurity capability,” said Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, ISACA Board chair and group director of information security for INTRALOT. “Taking into account the critical importance of OT and its increasing need in cybersecurity, bringing IT and OT together is a fundamental step in addressing cyber threats, as well as to increase overall performance and decrease expense.”
The guide characterizes IT as “responsible for the systems that collect, transport and process data that provide information to the business,” while OT “generally comprises the systems that handle the monitoring and automation of ICS through supervisory control and data acquisition (SCADA) systems attached to distributed control systems (DCS).”
The lack of alignment between OT and IT creates a climate ripe for attacks on critical infrastructure and SCADA systems that monitor and gather data in real time to remotely control equipment and conditions. Organizations that integrate OT and IT should experience seven benefits, according to ISACA and the ISA:
- Reduced operating costs through the elimination of redundant processes and resources
- Increased control over distributed operations
- Improved security through an integrated approach for cybersecurity across both categories
- Consistent risk management across technology domains
- Improved governance and management of systems
- Improved overall plant safety (it cannot be safe if it is not secure)
- A continuous process of “assess, implement, maintain and repeat.”
Those results can be achieved if IT and OT work together as a cross-functional unit, understanding each other’s systems and the value each brings to the organization. The guide offers criteria for full convergence that include IT and OT systems leveraging common standards, risk and governance approaches, and operating as one business unit with common objectives. This level of coordination requires that employees from IT and OT be cross-trained and that strong change management processes be in place.
A free webinar, “IT/OT Convergence and Industrial Cybersecurity,” will take place 20 July 2016. Attendees who are members of ISACA can earn one continuing professional education (CPE) credit. To register, visit http://www.isaca.org/Education/Online-Learning/Pages/Webinar-ITOT-Convergence-and-Industrial-Cybersecurity.aspx.
ISACA® (isaca.org) helps professionals around the globe realize the positive potential of technology in an evolving digital world. By offering industry-leading knowledge, standards, credentialing and education, ISACA enables professionals to apply technology in ways that instill confidence, address threats, drive innovation and create positive momentum for their organizations. Established in 1969, ISACA is a global association with more than 140,000 members and certification holders in 187 countries. ISACA is the creator of the COBIT framework, which helps organizations effectively govern and manage their information and technology. Through its Cybersecurity Nexus (CSX), ISACA helps organizations develop skilled cyber workforces and enables individuals to grow and advance their cyber careers.
Joanne Duffer, +1.847.660.5564, firstname.lastname@example.org
Kristen Kessinger, +1.847.660.5512, email@example.com
Jay Schwab, +1.847.660.5693, firstname.lastname@example.org
The International Society of Automation (www.isa.org) is a nonprofit professional association that sets the standard for those who apply engineering and technology to improve the management, safety, and cybersecurity of modern automation and control systems used across industry and critical infrastructure. Founded in 1945, ISA develops widely used global standards; certifies industry professionals; provides education and training; publishes books and technical articles; hosts conferences and exhibits; and provides networking and career development programs for its 36,000 members and 350,000 customers around the world.
ISA owns Automation.com, a leading online publisher of automation-related content, and is the founding sponsor of The Automation Federation (www.automationfederation.org), an association of non-profit organizations serving as “The Voice of Automation.” Through a wholly owned subsidiary, ISA bridges the gap between standards and their implementation with the ISA Security Compliance Institute (www.isasecure.org) and the ISA Wireless Compliance Institute (www.isa100wci.org).