The 2023 ARC Industry Forum brought together leaders and innovators from across manufacturing, energy and other critical infrastructure sectors. The presentations showcased how the best and brightest in these industries are transforming operations and cybersecurity. Digital transformation, automation, OT/IT convergence and collaboration, energy transition, and sustainability were key topics at the event, and cybersecurity was woven throughout.
Rahayu Ramli, Head of Cyber Strategy and Architecture at PETRONAS, speaking on a panel with Xage CEO Duncan Greatwood and other industrial cybersecurity leaders at ARC Industry Forum 2023
Theme 1: Business drives the Digital Journey. Cybersecurity needs to evolve to support OT/IT Convergence.
“We’re not trying to meld the two environments. They’re two clearly different environments with different objectives. But then where do we put the similarities together for us to be able to operate in a seamless manner across IT and OT, and what does that mean for cybersecurity?” Rahayu Ramli, Head of Cyber Strategy and Architecture, PETRONAS
The convergence of OT and IT is not “news” to anyone who works in industrial cybersecurity, but, too often, it takes center stage in the conversation. In reality, OT/IT convergence is a byproduct of the digital journey. All choices to pull IT and OT together should be underpinned by the needs of the business itself. One session at the ARC Industry Forum did a fantastic job of exploring this dynamic, and outlining both the high-level processes and the deeper details of how to actually pull off OT/IT cybersecurity collaboration as part of a longer digital journey. The session was called “Modernizing Remote Access and Enabling Collaboration with Zero Trust” and was delivered by Rahayu Ramli on behalf of PETRONAS, a global energy company. Ramli started the presentation off by noting that PETRONAS intentionally avoids the word “transformation” when talking about their digital journey, because it implies that there is an end state to be achieved, rather than a continuous journey of improvement.
The session focused heavily on two strategic objectives:
- Building resilience by knowing where risk exposures are, protecting the enterprise, and being able to respond and recover as incidents occur
- Being proactive by seeking out who might be targeting PETRONAS, both known and unknown threats, and implementing new security technology capabilities.
Listing protection first, before detection, response, and recovery, was no accident. PETRONAS and other organizations on the cyber-hardening journey are recognizing more and more that proactive security means shifting emphasis to protecting assets against attacks in the first place, rather than over-emphasizing detection of attacks already in progress. Crucially, these objectives drove a mandate of shared accountability across IT and OT at the company. Ramli listed four core requirements share across OT and IT:
- Oversee and drive cyber security strategy
- Drive cyber security governance and services
- Anticipate emerging threats and manage ongoing incidents
- Build a cyber security culture across PETRONAS
These goals and tenets are driving a multi year strategy as PETRONAS proactively moves toward having digital and cyber concerns hard coded into their business DNA. Ramli summarized it perfectly during her presentation, stating that “one of the things we have learned at PETRONAS is that the idea is not to crash the two environments together, but to see how we can actually bring them together with the objective of serving the organization…Ultimately everything we have done with cybersecurity is underpinned by what is required by the business.”
PETRONAS provides an excellent example for other organizations to follow as they pursue the mutual goals of digital transformation and cybersecurity culture across OT, IT, and the rest of their businesses.
Xage CEO Duncan Greatwood participated in a panel discussion with Ramli, following the presentation, discussing the need for purpose-built tools to deliver secure remote access and identity-based access management for OT, since IT-centric tools do not offer an acceptable level of security for industrial settings.
The presentation is available to view as a recording.
Theme 2: Industry 4.0 Is here, and digitization of operations is making cybersecurity both harder and more important than ever
As usage of Industrial IoT and increased automation drive ever more connectivity between operational technology, information technology, and the cloud, manufacturers are poised to make massive leaps forward in productivity and efficiency. But it comes at the cost of rapidly escalating security challenges and expanding attack surfaces that must be addressed. Manufacturers are being targeted by cyberattacks at a higher rate than any other industry. The intersection of operational improvement, digital transformation, and cybersecurity cannot be ignored.
Even if you missed us at the ARC Industry Forum this year, you can read our ongoing perspectives and analysis about industrial cybersecurity and digital transformation on the Xage Blog any time.