The book includes insights from the following experts:
- Scott Saunders, Cyber Security Consultant, Exelon Corporation, Understanding Your Systems Is Key To ICS Security >>
- James Shank, IT and Cyber Security Program Manager, PSEG, Robust ICS Security Requires A Multi-Layered Approach >>
- Spencer Wilcox, Director of Operational Technology Cyber Security, Exelon, For Better OT Security, Control And Monitor Your Environment >>
- Everardo Trujillo, Manager, Cybersecurity Operations and Engineering, Sempra Energy, Security Professionals Need To Win The Trust Of OT Engineers >>
- Luiz Cançado, Industrial Control Systems and Cyber Security Engineer, Shell, OT Cybersecurity Requires Total Business Buy-In >>
- Brian Foster, OT/ICS Security Engineer, Portland General Electric, In Critical Infrastructure, Safety Comes First >>
- Kal Mian, Cyber Security Framework Consultant – ComTec, Entergy, OT And IT Must Understand Each Other’s Domain >>
- Jacob Laas, Head of Operational Technology at Maersk Oil, DBU, Maersk Oil, OT Security Begins With A Technical Standard Of Critical Security Elements >>
- Gabriel Agboruche, Cyber Security Specialist, Westinghouse Power, Strategies For Securing Digital Assets In Nuclear Power Plants >>
- Agustin Valencia, OT Cybersecurity, Iberdrola, OT Security Requires A Holistic View Of Plant Risk >>
- Robin U. Familara, ICS Cybersecurity and Network Engineer, Shell, Identity Access, Asset Inventory, And Incident Response Are Key >>
- Clint Bodungen, Vice President, ICS Cyber Security, LEO Cyber Security, ICS Cybersecurity Risk Management Requires A Customized Approach >>
- Michael Jacobs, Principal ICS Security Architect, Saudi Aramco, OT Security Begins With People, Understanding The Environment, And Selecting The Right Controls >>
- Craig Morris, ICS Security Manager, North Oil Company Qatar, Risk Management Requires Effective Collaboration >>
- Christophe Rey-herme, CISO for Industrial Control Systems, Total, Security Awareness Is Key To ICS Cybersecurity >>
- Ayo Folorunso Agunbiade, IT Security Analyst, SaskEnergy/TransGas, For Better ICS Security, Reduce Your Attack Surface >>
- Jose Mendez, Director, Global Cyber Security, Yamana Gold Inc., There Must Be Standard Operating Procedures For The OT Network >>
- Omar Sherin, Cyber Security Director (OT), Ernst & Young, Don’t Measure OT Cybersecurity Risk In Terms Of Financial Impact >>
- Doug Wylie, Director, Industrials & Infrastructure Portfolio, SANS Institute, Securing OT Systems Requires Specialized Tools And Approaches >>
- Elewa Ali, Senior Control System Engineer, SABIC, Recommendations For Building A Comprehensive ICS Cybersecurity Program >>
Reducing Industrial Risk was generously sponsored by PAS.
Kaspersky Lab’s discovery of Stuxnet in 2010 turned the industrial world on its head. As the first known instance of malicious code specifically designed to seek out and interfere with industrial operations, Stuxnet was a serious wakeup call for OT operators, especially those in much of the world’s critical infrastructure.
So how has the OT/ICS community responded to the new reality of OT cyber risk? With generous support from PAS, we asked 20 OT security professionals the following question:
What are the top three pieces of advice you would give a CISO to make the plant OT/ICS environment more secure from cyber attacks?
For OT and IT security people, this is something of a loaded question, largely because OT cybersecurity is still very much a work in progress. For instance, although many contributors stressed the importance of knowing your environment, that in itself is a big challenge that varies from industry to industry and plant to plant. “Asset knowledge” also means different things to different people.
The essays in this eBook provide a wealth of information and present an inside look at an aspect of cybersecurity that is still not well understood. I am certain that anyone responsible for critical industrial operations will benefit from the advice and experiences of those who have contributed to this eBook.
