Security News > 2022 > June > OT security: Helping under-resourced critical infrastructure organizations
In this Help Net Security interview, Dawn Cappelly, Director of OT-CERT at the industrial cybersecurity company Dragos, talks about the OT security risks critical infrastructure organizations are facing, offers advice on how they can overcome obstacles that prevent them improving their cybersecurity posture, and explains how the recently set up OT-CERT she's heading can help asset owners and operators of industrial infrastructure.
Although frameworks and best practices are emerging in OT security, organizations usually need to rely on OT security experts to assist in these assessments and remediation recommendations.
The OT security field is much less mature, lacking people with OT security experience, established best practices and frameworks, and with a much smaller selection of security technologies.
Historically, IT and OT have worked independently on security, with OT engineers overseeing security in the OT environment where it was not as critical due to lack of or limited connectivity to the internet and to the enterprise.
While there are some free resources available for IT security in small businesses, I could not find any free resources for them to create a minimum level of security in their OT environments.
Security teams can point their vendors that do not meet their OT security requirements to OT-CERT and other free resources for IT security in small businesses.
News URL
https://www.helpnetsecurity.com/2022/06/27/ot-security-critical-infrastructure/
Related news
- The story behind the Health Infrastructure Security and Accountability Act (source)
- HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (source)
- Major security audit of critical FreeBSD components now available (source)
- Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)
- Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks (source)
- Critical security hole in Apache Struts under exploit (source)