Get All Access for $5/mo

How Organizations Can Grow Effectively In Cybersecurity For Critical Infrastructure Space The growth of IBM's OT security business has valuable insights as organizations seek to grow in this space either as providers or consumers of cybersecurity services

By Hardik Kundu

Opinions expressed by Entrepreneur contributors are their own.

You're reading Entrepreneur India, an international franchise of Entrepreneur Media.

Krishna Chaitanya Tata, a senior OT security architect at IBM

Businesses today are becoming highly interconnected, cutting across industries. This has resulted in an ever-growing spate of cyber-attacks, which are becoming very common. Interestingly, Critical infrastructure (CI) industries such as power, oil and gas, dams, mass transit, and water utilities have become prime targets. With the complexities of current geopolitics, major incidents such as Stuxnet virus, Colonial Pipeline hack, and malware attack on Kyiv's power grid are occurring with alarming regularity. As is evident from these incidents, the intent is more than a mere monetary payout, it is to cause major service disruptions to the targeted entities.

In the early 2010s, IBM security services recognized an urgent need for a comprehensive portfolio of offerings in a dedicated Operational Technology (OT) cybersecurity business. The impetus came from an increasing number of cybersecurity-related requests from their clients in the CI space. Incidents of cyber-attacks in legacy operational technology (OT) infrastructure and in the newer internet-of-things (IoT) devices were steadily growing.

"We had a strong business in the overall cybersecurity advisory space. However, OT cybersecurity was a completely new frontier. There was very little domain expertise to tap into, a shortage of highly skilled professionals and little collateral that we could use right away." says Krishna Chaitanya Tata, a senior OT security architect at IBM who was intimately involved in establishing this business. Another major challenge was that OT networks are made up of legacy equipment that is not well suited for security hardening. IoT was very new and security professionals were only beginning to understand its intricacies.

It was well understood by the IBM team tasked with setting this business up that the offerings portfolio will help in reducing disruptions of critical services for common citizens, like water and power. So, the portfolio needed to be watertight with clearly defined offerings and be tailored to the specific industry of clients. Data security concerns for instance within the power industry are different from those in the oil and gas industry

A lot of the initial ramp-up, therefore, involved establishing a thorough portfolio of service offerings, mapped to IBM's and their partners' suite of security products. Market research, which was very nascent at the time for OT security was also given priority to reinforce the business case. Independent analyst reports were assessed to obtain important metrics such as the Compound Annual Growth Rate (CAGR) of the market. Key collateral such as architectural blueprints and implementation best practices were created. Additionally, partnerships with various niche vendors in the OT security market were established.

Within a year of the germination of the business idea, the IBM OT security practice was formalized with a defined portfolio of offerings around data security, network security, intrusion detection, network segmentation and so on, all specific to OT networks.

Over the past half a decade, the OT security business has grown to be the most profitable within the company's security services business unit. The portfolio has grown substantially over the years as has the team of highly experienced OT security professionals.

With everything that has been achieved, IBM believes that the OT and IoT security space is only just starting to grow. "Cyber-attacks on critical infrastructure industries are constantly evolving. The attacks are getting increasingly sophisticated. IoT devices and cloud services are proliferating rapidly. We must keep pushing our boundaries and keep innovating in our solutions" says Krishna. When it comes to protecting critical infrastructure, as they say, there can never really be any downtime.

News and Trends

Tech Burner's Anarc Smartwatch Achieves INR 3 Cr Sales with USD 1 Mn Investment

Anarc features a patented octagonal design by Thought Over Design and Seymourpowell, with a medical-grade stainless steel body. It includes advanced technology like a Hisilicon chipset, AMOLED display, and seven-day battery life.

Starting a Business

He Started a Business That Surpassed $100 Million in Under 3 Years: 'Consistent Revenue Right Out of the Gate'

Ryan Close, founder and CEO of Bartesian, had run a few small businesses on the side — but none of them excited him as much as the idea for a home cocktail machine.

Diversity

5 Ways You Can Create a More Inclusive Workplace Immediately -- and Why You Should

The more diversity you bring to your team, the greater your chances of finding groundbreaking insights and solutions.

Marketing

4 Neuromarketing Hacks to Reach More People and Maximize Results

You don't need to be a neuroscientist or have a big budget to start upping your conversions immediately.

News and Trends

Insurtech Player Zopper Raises $25M in Series D Funding

With 40 insurance companies and 2500+ ecosystem players, Zopper will utilize the fresh capital to ramp up digital infrastructure, by strengthening its Insurance Distribution platform

Business News

'Do You Sell Cars?': Tesla CEO Elon Musk Trolls Jaguar Rebrand on X

The team running Jaguar's X account was working hard on social media this week.