Events , Governance & Risk Management , GovWare

CISOs Must Own OT Security in Industry 4.0 Era

OT-ISAC Chair Steven Sim on Why Legacy Systems Need Modern Security Architecture
Steven Sim, chair, executive committee, OT-ISAC, and CyberEdBoard member

The convergence of OT and IT in Industry 4.0 has created new cybersecurity challenges that demand attention from CISOs. This evolution has transformed previously isolated OT systems into connected networks that interface with critical business functions, expanding the attack surface and introducing new vulnerabilities that organizations must address.

See Also: Make Zero Trust Happen

In today's interconnected industrial environment, seemingly harmless IoT devices can become entry points for cyberattacks, as demonstrated by a case where a fish tank thermometer led to a casino breach, said Steven Sim, chair, executive committee at OT-ISAC, and CyberEdBoard member.

CISOs are expected to monitor threat modeling, MITRE attack framework for OT and IT systems, and whether the controls they are putting in place align with the enterprise risk appetite, Sim said. "It's important for CISOs to understand that even though much of the OT may not be their business-critical functions, many of them are still connected to the same networks that link to their business functions."

In this video interview with Information Security Media Group at the GovWare Conference and Exhibition 2024, Sim also discussed:

  • The differentiation between accountability and responsibility in OT security governance;
  • How secure-by-deployment strategies help protect legacy systems;
  • The implementation of zero trust architecture to prevent lateral movement.

Sim is a cybersecurity veteran specializing in IT and OT security governance, risk management and incident response. With more than 27 years of experience leading global cybersecurity initiatives, he develops security standards and drives strategic cyber programs. He is a member of the CyberEdBoard.


About the Author

Geetha Nandikotkur

Geetha Nandikotkur

Vice President - Conferences, Asia, Middle East and Africa, ISMG

Nandikotkur is an award-winning journalist with over 20 years of experience in newspapers, audiovisual media, magazines and research. She has an understanding of technology and business journalism and has moderated several roundtables and conferences, in addition to leading mentoring programs for the IT community. Prior to joining ISMG, Nandikotkur worked for 9.9 Media as a group editor for CIO & Leader, IT Next and CSO Forum.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.asia, you agree to our use of cookies.