Navigating the Storm: Strengthening OT Cybersecurity

The surge in cybersecurity threats targeted at Critical Infrastructure and cyber physical assets has become a pivotal concern for heavy industries. With incidents on the rise, are your defenses fortified to weather the storm?

The National Institute of Standards and Technology (NIST) has taken a pivotal step forward with the release of the Cybersecurity Framework (CSF) 2.0. This update is not just a progression; it's a transformation that places cyber risk management at the forefront, aligning technical cybersecurity measures with strategic cyber risk governance.

Recent developments highlight the escalating focus on OT cybersecurity:

  • Intensifying Cyber Threats: As heavy industries become prime targets, understanding the evolving threat landscape is critical.
  • Legislative Spotlight: Congressional hearings underscore the urgency for robust cybersecurity in critical infrastructure.
  • Regulatory Evolution: The new SEC cybersecurity regulation, S/K item 106 in the US, aligns with Europe’s NIS-2, signaling a shift towards stringent compliance standards for the reporting of cyber risk governance.
  • Standards and frameworks: NIST CSF 2.0 and executive orders on cybersecurity, including ports and the maritime sector, set a new bar to ensure the protection of cyber assets and network connected equipment.
  • Advisory Insights: The President’s Council of Advisors on Science and Technology (PCAST) emphasizes strategic frameworks for cyber-physical resilience.

At DeNexus, we commend the collective efforts of policymakers, industry groups, and the OT community in spotlighting cybersecurity. This united front is instrumental in strengthening cyber resilience of the critical infrastructures that underpin our global economy and everyday life.

It’s worth noting that these initiatives all converge towards elevating cybersecurity to a business level and managing cyber risks the same way other business risks are managed: with evidence, financial metrics, and what if analysis.

This elevation is also a necessary step to unlock the next step towards strengthened cyber resilience. Cybersecurity awareness needs to be built at all levels of the organization: from the board of directors to every employee, partner and contractor. Specifically, decision makers need to have access to financial metrics that support data-driven decisions on investments related to cybersecurity.

While it has always been difficult for cybersecurity vendors to show the return on investment (ROI) of their solution (when cybersecurity works, nothing happens), there is a path to model and quantify cyber risk.

This is exactly what DeNexus focuses on for OT environments in energy, transportation, hyperscale data centers, manufacturing, and other industrial sectors. To date, we have built unique models for each of these sectors leveraging the Fair Institute taxonomy and the ATT&CK MITRE framework to calculate key risk metrics such as: Value at Risk, Most Probable Loss, Main Types of Potential Loss, Main Drivers of Potential Loss, Loss Exceedance Curve and more.

A great deal of AI-powered analysis and modeling has been built into our DeRISK platform to ingest and make send of outside-in and inside-out data. The output is an executive report for CISOs to engage with their CFO and the board, empowering them to drive meaningful conversations about cybersecurity, budget priorities and expected ROI for such investments. A tailored version is available to address the new SEC regulations on cybersecurity (S-K item 106).

DeNexus simplifies the path towards cyber risk quantification even further by offering a free version of our DeRISK platform with the basic capabilities you need to estimate cyber risks at one site. Don’t wait, get started today and contact us.