Representative End User Clients
Representative Automation Clients
Representative Software Clients
Earlier we spoke about the three Cs of digital transformation – communication, connectivity, and collaboration. Today, it is acknowledged that the fourth C - cybersecurity for industrial and infrastructure operations is critical, and that it covers a very broad range of technologies, services, and issues. This was the topic discussed between ARC’s cybersecurity practice head Sid Snitkin and Fortinet’s CISO, North America Operational Technology, Richard (Rick) Peters during the ARC Industry Forum in Orlando. This blog focuses on the highlights and quotes of the interview. The full interview can be viewed here or/and on YouTube.
Fortinet’s Differentiating Factor
“What differentiates Fortinet from others in the cybersecurity space is its vision and perspective of protecting operational technology, industrial control systems, the cyber-physical - those assets that are most valuable. And taking a different approach using solution-based strategies, instead of point solutions,” explained Rick. This is exciting to the operational technology system owner, because it provides an end-to-end solution for things like visibility, from device detection to ensuring the integrity of the asset, and the implementation of more advanced strategies, like automated response.
Protecting Clients’ Systems
Digital transformation is driving a lot of change that has a direct impact on cybersecurity. “For operational technology, you're feeling the pains of digital transformation, in the convergence of IT and OT,” said Rick. These environments have many security concerns. When they are brought together, there is a much larger attack surface and more opportunities for disruption.
“So, Fortinet's perspective is to think inside out. Not that perimeter security isn't important, but really thinking about what could be going on internally. And that's important when you think about the frequency of what's happening today, against industrial control systems, across the verticals,” said Rick.
Cybersecurity Concerns of Digital Transformation
Rick spoke about how Fortinet addresses cybersecurity concerns of clients on their digital transformation journeys. The reservation to launch new initiatives largely stems from fear, and there are lots of articles on cyber- extortion/espionage/and sabotage to fuel this fear. So, when there’s a case like Trisys/Triton, where a system was affected at its core, the solution provider needs to instil confidence of safe operations – “because safe and continuous operations are the baseline. That's the premise upon which OT security is really founded, and Fortinet's focus with our security fabric is intended to bring that level of confidence,” said Rick.
Key Initiatives
Fortinet’s key initiatives transcend beyond basic needs, like device integrity and visibility. It is about providing situational awareness, so that things like transparent security without latency and speed are considered. “In other words, doing it at the pace of operations, and being able to secure all of that while scaling,” said Rick. Usually, the operational technology system owner isn't into change to begin with, so they have to be convinced about the longevity of the security solution.
Providing Vendor Support
“Fortinet thinks holistically. The company isn’t trying to fly solo, and I think that's really important in operational technology. It really is a team sport,” said Rick. The company is working strongly at developing partnerships with system integrators and MSSPs (managed security service providers). “And when you start to think about designing security in, instead of bolting it on, and really thinking about an ecosystem approach, you're delivering something that can be repeated again and again,” he added. This works across all verticals - energy utilities, manufacturing, building automation, and transportation.