Keywords
Manufacturing, OT security, MSSP, maturity level, skills shortage, buzzwords, zero trust, IT/OT convergence
Summary
OT security researcher Ben Book takes an unapologetic view on the state of OT security in manufacturing. He doesn’t blame anybody but provides a clear analysis of business dynamics and offers what many lack when talking OT security solutions: the right questions.
Takeaways
OT security vendors are typically 10 years ahead of the market.
SMEs and large enterprises face different challenges.
There is a large chance in manufacturing to modernize OT, but it can feel overwhelming. It’s hard to prioritize.
Critical infrastructure has more budget due to (partly) governmental funding while in manufacturing the margins are thin and so are the security budgets.
Absorbing OT into IT can be a dead end because they are such different businesses.
Manufacturing companies will start to reflect the responsibility for OT security back to the vendors.
Machine and ICS vendors can use integrated OT security as a differentiator in a tight market.
Vendors and end users need to communicate to agree on a profitable level of OT security for both sides.
Zero Trust is a hot topic but hard to actually implement.
It doesn’t help organizations if vendors and (market) research companies come up with new buzzwords every other day.
Innovation moves fast. OT security measures that were hard to deploy a few years ago have become really easy today.
OT security needs to be easy to handle, otherwise it won’t be implemented.
SMEs can profit from working with partners and Managed Security Service Providers (MSSP) to be able to build and manage OT security with their small teams.
The OT security market can be difficult to grasp because it is so diversified.
Sound Bites
The small, medium enterprises don't have the resources and tools to mature as much as they would like to, and the large enterprises just can't move as fast as they want to.
OT security is just a massive gap, and it's so critical to any infrastructure across the globe. The opportunity is so large to modernize, but it's so large it's so hard to tackle.
Manufacturing organizations are some of the highest attacked verticals because they have no security.
We work with a lot of organizations that are very large organizations that are just not modern.
The other good thing about legacy is it's hard to attack. If I – on the floor – can't manage it, how is someone going to get into it?
I wish there was a buzzword you could simply buy and implement. Unfortunately, it doesn't work that way.
Whether big or small, the first step for companies is to understand what you actually have and how it is connected.
There’s no one-size-fits-all strategy. Some want to DIY, some want to work with vendors, others with MSSPs. It depends on your staff, skills and strategic priorities.
OT security services are key for small teams and fast implementation.
Chapters
00:00 Introduction
00:35 About the OT security maturity levels of companies
03:48 Why OT security is moving slow in manufacturing
08:50 How vendors could make profit with integrated OT security offerings
11:59 Stop the buzzword war
14:00 First steps in OT security for a medium-sized manufacturer
17:00 How to face the challenge of skills shortage
19:21 Platform solutions vs combined product / service offerings