Your operational technology systems may be more vulnerable than you think
In July 2023, the port of Nagoya in Japan was hit by a ransomware attack that forced a network shutdown and caused data loss — disrupting port services and associated business operations for three days.1
Cyberattacks such as this demonstrate the vulnerabilities when operational technology (OT) and information technology (IT) converge with a consequent increase in endpoints and are not adequately segmented — increasing the risk of significant business disruption and physical damage to hardware, triggering financial loss and liabilities, regulatory penalties, and reputational damage when cybersecurity incidents occur.
Is your organisation at risk? Those with ageing hardware and legacy operating systems are especially vulnerable, as are organisations with IT and OT teams working in silos. Taking a comprehensive and validated cybersecurity assessment on your OT and industrial control systems (ICS) is the most effective way to identify gaps that serve as ‘open doors’ for cyberattackers to strike.
Introducing Marsh Asia’s Operational Technology Cyber Health Check
Developed based on leading practices including the NIST Cyber Security Framework, NIST 800-82 (ICS Security), ISO/IEC 27001 and ISA/IEC 62443 standards, Marsh Asia’s Operational Technology Cyber Health Check is a comprehensive, 4-stage assessment designed to help your organisation reinforce the resilience of its OT and ICS and achieve these four key outcomes:
- Assess the implementation and effectiveness of your cybersecurity controls.
- Document good practices and areas for improvement.
- Obtain recommendations to improve your cybersecurity posture.
- Streamline information gathering to address insurer queries.
Stage 1: Identify
- Determine project scope and objectives
- Identify key stakeholders
- Create inventory of OT and ICS systems
Stage 2: Assess
- Tailor assessment based on knowledge gathered
- Review security protocols
Stage 3: Validate
- Conduct on-site workshops and inspections
- Evaluate physical assets, controls and endpoints
Stage 4: Evaluate
- Comprehensive report of cybersecurity gaps and vulnerabilities
- Justification for next steps for improvement
- Communication and alignment with management
Beyond helping to improve your cybersecurity posture and resilience of your OT and ICS, our specialists’ recommended actions can help you formulate a roadmap for more robust enterprise risk management (ERM) and better address insurer queries amidst challenging market conditions or tightening terms and conditions by insurers.
Case study: How a major data centre operator in North Asia enhanced cyber resilience and avoided business interruptions
Problem:
A business which recently acquired a hyperscale data centre in North Asia was concerned about the adequacy of cybersecurity controls implemented by former owners. Modern data centre infrastructure combines multiple technology systems that work together, resulting in a larger attack surface and increasing the complexity of vulnerability identification complex. The integration between IT and OT systems creates interdependencies, whereby a breach in one area can quickly impact others.
How Marsh Asia helped:
Leveraging Marsh Asia’s extensive regional expertise in OT cyber security and local language capabilities, our team performed a detailed cybersecurity assessment based on industry standards such as National Institute of Standards and Technology (NIST) and ISO/IEC 62443, alongside relevant local regulations. This approach integrated consulting expertise with insurance insights to deliver a holistic solution.
Outcome:
Marsh Asia identified critical gaps and developed a prioritised roadmap of initiatives aligned with industry standards to strengthen the data centre’s cybersecurity framework and overall resilience. Findings were also used to demonstrate investments in cyber resilience and unlock additional capacity for cyber insurance.
Who would benefit from Marsh Asia’s Operational Technology Cyber Health Check?
Industries like energy and power, manufacturing and semiconductor commonly use operational technology (OT) systems. As cyber attackers continue to target complex OT and industrial control system (ICS) networks, our four-stage assessment is ideal for helping organisations reduce their risk in their OT environments. If your OT setup includes legacy operating systems or ageing hardware, our Cyber Health Check can identify cybersecurity gaps.
Why Marsh?
Backed by a team of experienced cyber risk advisors and a global network of in-house industrial risk engineers, Marsh Asia’s Operational Technology Cyber Health Check is essential for the organisation whose success depends on the breadth and depth of actionable insights from their cybersecurity assessment. Our cross-disciplinary expertise and in-depth understanding of complex industrial systems enables us to tailor the assessment and obtain findings and recommendations that resonate with your stakeholders and align with your business objectives.
Yes! I want to take the OT Cyber Health Check.
Get in touch with our cyber risk advisors.