Maryam Shoraka of Sydney Trains Discusses Identifying Vulnerabilities in Operational Technology Systems
In a recent discussion, Maryam Shoraka, who leads Operational Technology (OT) cybersecurity operations at Sydney Trains, addressed the inherent risks associated with the application of traditional IT frameworks within OT environments. While models like Essential 8 or Information Security Management Systems (ISMS) are effective for managing risk in IT, they can introduce critical oversights when implemented in industrial settings. Shoraka underscored the need for security leaders to develop tailored compliance strategies that align with the distinct operational requirements of OT infrastructure.
Shoraka emphasized the necessity of evolving organizational culture away from rigid adherence to IT standards. “We need to change the mindset of following regulations solely because they are successful in IT,” she said. This perspective highlights a crucial shift: identifying operational security measures that are genuinely effective rather than merely compliant.
Addressing the difficulties CISOs face when transitioning to new security frameworks, Shoraka shared her insights. “When I joined OT, I was cognizant of various frameworks applicable in IT. However, my initial focus was to understand how to adapt these to the unique characteristics of OT environments.” This understanding is imperative as organizations strive to fortify their defenses against evolving cyber threats.
In a video interview with Information Security Media Group, Shoraka indicated that ongoing challenges persist in asset visibility and monitoring across OT networks. She reiterated the importance of collaboration between Chief Information Security Officers and plant managers to cultivate cyber resilience. The disparity in the effectiveness of IT frameworks when applied to OT contexts was also a focal point of her discussion.
As the head of OT cybersecurity operations for Sydney Trains, which manages suburban and intercity train services throughout Greater Sydney in New South Wales, Australia, Shoraka brings extensive experience to her role. With a background in building robust security operations centers and developing cyber resilience strategies, she has previously served as acting CISO. Her expertise lies in aiding organizations in swiftly recovering from significant cybersecurity incidents.
Understanding the complexities of operational technology is crucial for security practitioners. Shoraka’s insights warrant consideration as industry leaders navigate the landscape of cyber threats and work to enhance the security posture of their organizations. As the cyber landscape continues to evolve, the adoption of tailored strategies rooted in a thorough understanding of both IT and OT environments becomes imperative for effective defense.