Beating the OT Security Skills Gap Amid Rising Cyber Threats

When it comes to the future of OT cybersecurity, the outlook is ominous.

There are, of course, some positives to consider. In general, the cybersecurity workforce is growing (by almost 9% in the last year alone!).

The bad news: It’s not growing fast enough to fill the rising number of open positions—or to combat growing numbers of cyber threats. Moody’s Analytics reports that, in the past five years, the number of publicly reported cyber incidents has doubled. If these critical roles remain unfilled, then organizations and people will face higher risk of data breaches, unplanned downtime, privacy violations and financial fraud.

The report also details these critical statistics:

• Cyber incidents have “substantial, statistically significant and persistent negative impact” on company value.
  
  
• There’s an obvious connection between cybersecurity performance and rises in reported incidents.

Companies say they’re already feeling the effects of the ever-shrinking workforce. In The Life and Times of Cybersecurity Professionals, published by Enterprise Strategy Group in 2023, 71% of organizations report impacts from the shortage. And 67% of surveyed cybersecurity professionals say their organizations lack cyber staff to prevent and troubleshoot cyber-threat issues.

Although these numbers are daunting, the situation is even more dire in OT cybersecurity. Because these professionals must have specialized expertise in specialized industrial control systems and physical infrastructure processes, they’re harder to find.

There’s no easy way out of this conundrum. The problem is too big and too complex to be solved through recruiting, hiring or training, because there aren’t enough qualified employees in the workforce to fill these roles. But that doesn’t mean there aren’t solutions.


For example, automation and technology can help cybersecurity professionals be more effective and efficient so they can focus on strategic work—reducing and responding to cyber threats—instead of manual tasks. Let’s take a look at how this can be done.

Streamline Security Response

Incident response isn’t simple or straightforward, due in part to the complexity and diversity of systems. OT environments are made up of a wide variety of architectures, protocols and proprietary components. This makes it difficult to create standardized incident response procedures. Today, when a cyber threat appears or an incident occurs, most security professionals must chase down how to respond.

The language of security is complicated, too, which prevents valuable conversations about it. Complexity makes it intimidating for others to get involved or help address issues.

Monitoring 24/7 is critical to simplify the complex. It ensures that network performance and access are always being evaluated—and that data is readily available. Anomalies can be reported to the right place upon detection for further investigation.

When a cyber threat is identified, the appropriate way to fix it should also be at the worker’s fingertips. Remediation guidance should be accessible and live close to the problem.

Look for vendors that offer simplified interfaces and take a general approach to security. This removes unnecessary work associated with accessing systems, reviewing logs and reports, etc. It also makes it easier for others in the organization to support the cyber team’s efforts (through participation in education that prevents accidental insider threats, for example).

Simplify System and Network Designs

When possible, look for ways to simplify and standardize network design, firewall rules, physical layout, etc. This ensures simple yet effective security.

Remember: “Simplified” doesn’t always mean “simple.” Instead, simplification is about removing roadblocks; breaking down processes and concepts into smaller, more digestible pieces; and making things easier to understand.

Some examples:

• If you can do the job with one piece of hardware instead of three, use one (as long as it provides everything you need.) For example, Hirschmann’s Industrial HiVision network management software can help you support management of network devices, simplify device replacement and enhance network visibility.
  
  
• Put measures in place to prevent and avoid revisiting or rework. This can mean using modern technology with proper access controls and standardized security measures, as well as clearly defining roles for IT, OT and external partners.

If your team doesn’t have the skills to do these things, bring in an advisor who understands industrial networking and cyber threats. That’s one way to increase manpower without having to recruit and hire more staff.

Integrate Tools to Eliminate Siloes

Integration helps eliminate siloes, enable holistic overviews and enable automation. Integrating cybersecurity tools results in fewer touchpoints and repetitive tasks. For example, integration with Active Directory means you don’t have to manually add users from scratch to every system.

It also reduces the likelihood of human error, which removes the opportunity for security risks. For example, most outages related to human error are caused by people who ignored procedures or followed inadequate procedures.

Tools should not only be integrated with each other, but also with the business. IT and OT can learn from one another and share best practices. For example, these groups can work together to recognize disparities, implement effective security measures tailored to each environment and apply practices holistically to protect critical infrastructure.

Artificial intelligence (AI) can support these efforts, helping you automate network intelligence by completing tasks like analyzing for misconfigurations and vulnerabilities, as well as system mapping to understand system-wide weaknesses and prevent incidents.

Consolidate Partnerships to Minimize Vendor Sprawl

Finally, consider consolidating vendors. This offers many benefits:

• Fewer contracts and relationships to manage, simplifying procurement
• Clearer communication channels that lead to improved collaboration and problem-solving
• Easier auditing and monitoring of vendor performance
• Simplified interoperability and integration
• Centralized and consolidated information
• Streamlined budgeting

It also helps reduce misconfigurations and incompatibility, so there’s less finger pointing between vendors and more time for strategic security practices.

Educating the Next Generation

Instead of focusing on recruiting and hiring, make sure you prioritize training the next-generation cybersecurity workforce that’s already in place, and taking steps to simplify what they do so they can respond to cyber threats. This will make the existing workforce as effective and efficient as possible.

Belden believes in making OT and OT cybersecurity professions as attractive as possible. If you have questions about how to create an OT environment that supports up-and-coming workers, we’re here to help.

Related resources:

• Is Your Operational Technology a Gateway for Cyberattacks?
• 6 Best Practices to Advance OT Security Amid IT-OT Convergence
• IT Security vs. OT Security: What Are The Key Differences?