Finding the Right Strategy for Implementing OT SecurityImprove Cyber Hygiene by Spreading Awareness, Advises CISO Hitesh Mulani
OT and SCADA security must be designed around protecting system availability, understanding OT-specific protocols and blocking attacks that target legacy systems commonly used in OT environments. CISO Hitesh Mulani of Mahindra & Mahindra shares advice on implementing OT security.
Mulani, who along with his team developed and implemented the entire OT security framework at four large automotive and tractor plants, said that coordination is important to overcoming this mammoth challenge.
"One of the most important aspects of OT security is the synergy between your manufacturing execution system teams and your security teams," he said.
Mulani, who received Information Security Media Group's Dynamic CISO Excellence Award in the Visionary CISO category, said he is focused on breaking down the myths of OT security.
"I've offered a lot of my peers an insight into our setup to walk them through our journey so that more of them can believe in it and invest in it," he said. "It doesn't matter if the rest of the world is not doing it. If you believe it's hygiene and will help upkeep production and provide security, it's important to do."
In this video interview with Information Security Media Group at ISMG's Dynamic CISO Excellence Awards and Conference, Mulani discusses:
- How to put the latest security practices in place in an OT environment;
- Why product sprawl is such a problem and how to address it;
- The best strategy for creating a skills development program.
Mulani heads the entire cybersecurity and privacy function at the Mahindra Group of companies, except for Tech Mahindra. He is responsible for reviewing the business strategies of each of the existing and emerging companies and ensuring the rollout of the right set of processes and technologies to protect their environments. Mulani has over two decades of experience in managing information security and has been at Mahindra & Mahindra for over four years. Previously, he worked at other firms including Yes Bank, Ernst & Young, and Bennett Coleman and Co. Ltd.