Cybersecurity strategies developed for data-centric information technology are not necessarily the best fit for protecting operational technology, says Vikram Kalkat of Kaspersky Lab.
"OT [security] is all about availability, while IT [security] is all about data confidentiality," Kalkat explains in an interview with Information Security Media Group. "It's not an either/or situation, but it's always the confidentiality aspect that the IT side of the [security] business has always addressed."
Security customized for IT won't necessarily meet the security requirements for industrial controls, or OT, he stresses.
Kalkat believes that the responsibility for the cybersecurity of OT systems should remain with the business units, and IT security wont play a major role: "I would be hesitant to say somebody else should come in and solve someone else's problem unless they have an understanding of that mindset," he says (see: Memory-Resident Malware Creating Forensics Challenges).
Kalkat recommends breaking the problem of industrial cybersecurity down to its components - people, processes and technologies - to assess the risks involved that are much different than the risks to IT (see: IoT: The Need to Expand the Scope of Security).
In this interview (see audio player link below image), Kalkat shares insights on:
- The industrial security landscape in the APAC region;
- Leveraging the IT security body of knowledge for OT security;
- Tips for OT practitioners and management for closing security gaps.
Kalkat is the senior key account manager for Kaspersky Lab's industrial cybersecurity global business development in the APAC region. He is also acting as senior business development lead for B2B solutions. Previously, Kalkat worked at IBM, where he managed a key technology account for the APAC region. He has taken on major roles in business consulting, account sales management and program management for over 17 years across U.K., Ireland, Canada and Singapore.