OT Cybersecurity Labs: Benefits and Use Cases
WA visited EY's OT/IoT Cybersecurity Lab in Warsaw. The following insight outlines the benefits of using highly specialised off-site environments to design and test OT cybersecurity programs.
Industrial facilities are intricate and dynamic operating environments, typically encompassing numerous processes dependent on a diverse array of hardware and software. Understanding the relationships between these industrial assets and processes, and evaluating the corresponding threats and vulnerabilities, presents a complex challenge. In addition, operators of these assets are concerned with plant availability and safety, with the goal of minimising operational interruptions. They are therefore often reluctant to pause operations for risk assessments or introduce new, untested security solutions.
Operational Technology (OT) Cybersecurity Labs are a solution to these challenges. They are specialised environments designed to replicate the unique systems and network configurations found in industrial and critical infrastructure, such as power plants and manufacturing facilities. In these labs, cybersecurity professionals can safely test and validate security solutions, identify and analyse system vulnerabilities, and develop strategies to protect against cyber threats before deployment in the field.
There are not many OT Labs, though they are growing in number and maturity as their value is increasingly recognised, from accelerating risk analysis to testing and simulation in a safe and controlled environment. However, it is not an either/or scenario. Asset Owners utilising OT Labs often benefit from a hybrid approach, blending on-site evaluations with testing in a synthetic environment, thereby reducing time on-site whilst shifting the testing and simulation off-site.
There are several outcomes that Asset Owners should consider when evaluating whether using an OT Cybersecurity Lab is the right approach for their business.
- Time. The potential of the OT Lab to accelerate time to deployment.
- Innovation. The value gained from generating new ideas and innovations.
- Resilience. The improvement to the security posture.
- Financial. The cost comparison between utilising an OT Lab and deploying consultants onsite.
Asset Owners should also consider whether the OT Lab has the right blend of people, technologies, and services. A premier OT Lab distinguishes itself through its facility setup, its inventory of industrial hardware and software, and the knowledge and experience of the personnel. Leading labs offer an array of services aimed at maturing an Asset Owner’s security program, from understanding operational risks to enhancing cybersecurity competencies, and they will have an extensive list of case studies. Asset Owners seeking a partner that can provide lab services across the lifecycle of a security program should expect the following capabilities.
- Operational management. Replicating real-world industrial systems using a variety of sensors, PLCs, and hardware to simulate operations and assess the impact of disruptions, integral to risk assessment.
- Risk and vulnerability analysis. Identifying weaknesses in hardware, software and governance processes through rigorous testing and simulation.
- Security solution testing. Evaluating security solutions in a simulated environment before field deployment.
- Skills development. Providing a risk-free space for clients to refine their security management capabilities.
- Research and Innovation. Facilitating the development and improvement of security technologies, policies, and procedures.
- Collaboration. Fostering a space for diverse stakeholders to share insights and best practices.
The culture of an OT Cybersecurity Lab is crucial to the success of client engagements, and this starts with the vision and standards set by the leadership team. The rapid evolution of technology and the increasing digitisation of manufacturing operations necessitate a forward-thinking approach to cybersecurity to anticipate and mitigate emerging operational challenges and threats. OT Labs should be environments not just for testing and training, but also for accessing a broad spectrum of expertise to tackle diverse challenges, from regulatory changes to the impact of AI on manufacturing.
The EY OT Cybersecurity Lab in Warsaw provides customers with the facilities and security expertise to improve their security operations and prepare for the future. The OT Lab consists of a wide range of PLCs, RTUs, and other industrial appliances which can be configured to simulate different operations. Complementing the OT Lab is EY’s adjacent OT SOC, offering enhanced problem-solving capabilities and incident response through the combined expertise of SOC analysts and OT engineers.
In addition, there are a further 200 onsite cybersecurity and risk specialists, bringing an array of expertise from regulation to change management and quantum encryption. It is this combination of skills and knowledge, combined with the technologies in the OT Cybersecurity Lab, that offers Asset Owners a unique environment to assess their security strategy.
OT Cybersecurity Labs like EY’s in Warsaw are critical in addressing the security needs of industrial operations. They offer a comprehensive approach to managing current and future security challenges, providing a space for testing, training, and access to a wide array of expertise.