By Tony Burton, Managing Director – Cyber Security & Trust at Thales in the UK

The main trends that I expect to see for the operational technology security domain over the next year are threefold: there is an element of the threat evolving, an element of how people are responding to this threat and there are the ways in which operational technologies are being used and how this is likely to change going forwards.

The Threat

I don’t think that there’s anybody in the world that doesn’t recognise that the risk of cyberattacks is increasing. The geopolitical landscape is really challenging right now and what we’re seeing from our threat intelligence is that there is increased activity across all of the critical national infrastructure sectors and I don’t see that this will change in any way. The Thales 2022 data threat report, for example, found that malware and ransomware are the leading sources of security attacks for critical infrastructure organisations. The threat is becoming more complex, more accessible and I see this continuing as an upward trend.

The Response

From the response perspective, we are seeing more and more businesses now engaged with operational technology security and resilience programmes. Business are typically going through a cycle where the first stage is to understand and map out what they have in their estate. After this, it is about understanding the extent of the risk and how you close the risk gap before you move on to the detection and response capabilities so that you can respond to, and recover from, any events that might happen in an organisation.

It is good to see that there are many companies now engaging in this process. Some companies are at much earlier stages than others, but I see this continuing to mature over the next year and beyond.

The Use of Operational Technology

Increasingly, we are seeing operational technology become more interconnected and, therefore, interdependent. Previously, sectors such as automotive and energy lived in isolation and for many years this was a position of comfort. However, with the increased uptake of electric vehicles and the general energy supply and demand characteristics becoming more challenging, there is a clear need to share information. This required information relates to energy generation, transmission, distribution and storage, as well as the electric vehicles themselves in order to enable the adaptive system to cope.

In order to balance the energy supply and demand equation we must also be able to trust the data. We need to have confidence that it is being shared within trusted communities that change constantly as vehicles and energy infrastructure components are connected and disconnected from the system. The move towards this trusted information-based security architecture will be essential as more complex and interdependent systems are developed. From an operational technology perspective, trust and resilience needs to be incorporated into the design of vehicles, as well as the power generation, distribution and consumption components of the model. All of this is becoming one large, complex operational technology ecosystem. Over the next 12 months, I expect to see an increase in the use of such complex ecosystems, which will require fresh imagination when it comes to their approach to information-based cyber security architecture.