Last year we had the pleasure of having Dale Peterson, ICS security specialist, close out our first annual Operational Technology (OT) cybersecurity summit, Operation: Next. He captivated the audience with his thought-provoking presentation on the future of OT cybersecurity and the importance of reducing the security burden on those who interact with ICS/OT systems.

Peterson brought to light that our heavy reliance on employees to ensure security program effectiveness ultimately puts organizations at risk. He proposed that rather than trying to get operators, engineers, technicians, etc. to participate more in OT cybersecurity, companies should find ways to remove them from being the source of a program’s success. His poignant analogy said it best: we should find ways to make security programs less like seat belts (they only prove effective if you use them) and more like airbags (they are always on ready to deploy with no human intervention).

He also discussed the ineffectiveness of measuring security program success based on activities rather than on actual risk reduction. As an example, Peterson highlighted patching. A security team can spend considerable effort applying the hundreds, even thousands of asset-owner patch combinations. However, if the activity never moves the needle to reduce risk, what is the point.

<<< Start >>>

OT and ICS security—The art of the possible

View Transcript

<<< End >>>

Watch the full session here >
 
In both of Peterson’s “call to action” suggestions, he references the importance of automation – a critical need in the overly manual ICS/OT world.

I’m certain his presentation was a catalyst for improvements for many organizations who attended our Operation: Next:22 summit. Guiding change is one of the objectives of our event, which brings together clients, industry luminaries and Accenture thought leaders to discuss trending topics and pressing challenges unique to cyber securing OT networks.

This year’s summit, on March 23, will be no different. With tracks designed for executives and technologist, both audiences will come away with practical, real-world solutions and “next step” advice on how to secure operations and build resiliency within critical infrastructure organizations.

Some noteworthy topics at this year’s event include:

    • Tackling the hiring challenge – How do you find and retain top security talent?
    • Navigating the booming vendor landscape – With thousands of new security technologies available, where should you invest your money and confidence?
    • Centralized but blind—What’s now, what’s next? – How can innovation play a role in bridging the gap from centralized to operationalized?
    • Why security metrics matter – How do leading organizations measure cyber resilience, and communicate those metrics to stakeholders to drive improvements?
    • Resiliency—what does good look like? – What does it take to mature your defense and resiliency posture?
    • Architecture’s impact on risk and safety – How to ensure your security architecture addresses third-party vendors risk.

I invite you to join us on March 23. I think you will find it to be one of the most powerful and influential events you attend this year.

<<< Start >>>



<<< End >>>

Accenture Security is a leading provider of end-to-end cybersecurity services, including advanced cyber defense, applied cybersecurity solutions and managed security operations. We bring security innovation, coupled with global scale and a worldwide delivery capability through our network of Advanced Technology and Intelligent Operations centers. Helped by our team of highly skilled professionals, we enable clients to innovate safely, build cyber resilience and grow with confidence. Follow us @AccentureSecure on Twitter, LinkedIn or visit us at accenture.com/security.

Accenture, the Accenture logo, and other trademarks, service marks, and designs are registered or unregistered trademarks of Accenture and its subsidiaries in the United States and in foreign countries. All trademarks are properties of their respective owners. All materials are intended for the original recipient only. The reproduction and distribution of this material is forbidden without express written permission from Accenture. The opinions, statements, and assessments in this report are solely those of the individual author(s) and do not constitute legal advice, nor do they necessarily reflect the views of Accenture, its subsidiaries, or affiliates. Given the inherent nature of threat intelligence, the content contained in this report is based on information gathered and understood at the time of its creation. It is subject to change. Accenture provides the information on an “as-is” basis without representation or warranty and accepts no liability for any action or failure to act taken in response to the information contained or referenced in this report.

This document makes reference to marks owned by third parties. All such third-party marks are the property of their respective owners. No sponsorship, endorsement or approval of this content by the owners of such marks is intended, expressed or implied.

This document is produced by consultants at Accenture as general guidance. It is not intended to provide specific advice on your circumstances. If you require advice or further details on any matters referred to, please contact your Accenture representative.

Copyright © 2021 Accenture. All rights reserved.

Jim Guinn

Senior Managing Director – Security, Strategy & Consulting Lead, Accenture

Subscription Center
Subscribe to Security Blog Subscribe to Security Blog