Scott Saunders: Understanding Your Systems Is Key To ICS Security
Security professionals must first acquire a clear understanding of what they have and what it does before designing security controls to match. It’s important for plants to preserve institutional knowledge of the OT environment proactively before experienced...
James Shank: Robust ICS Security Requires A Multi-Layered Approach
To defend your ICS environment against an attack, analyze and assess network communications touching the outside world—particularly inbound transmissions. A single layer of defense can easily be defeated, but a multilayered system is much harder to compromise without...
Luiz Cancado: OT Cybersecurity Requires Total Business Buy-In
Understanding OT and IT environments not only means knowing what is in them, but also understanding how they operate together, and how they are different. The challenge in integrating IT and OT is not starting the process—because it’s already happening—but in doing it...
Everardo Trujillo: Security Professionals Need To Win The Trust Of OT Engineers
To be successful, the first thing security people need to do is sit down with OT engineers and learn from them. Gaining that trust is essential. Tools that provide visibility into the OT network help security gain a clearer idea of what they must protect, but they...
Kal Mian: OT And IT Must Understand Each Other’s Domain
Performing a risk assessment is key to establishing a stronger OT security practice. Vulnerability identification and prioritization should be done based on the criticality of the site and its systems to the business. "In the industrial control world, some controls...
Michael Jacobs: OT Security Begins With People, Understanding The Environment, And Selecting The Right Controls
Begin an asset inventory with a physical walkthrough to trace cables and boxes. Then use the control network and network traffic to identify devices and configurations. Prioritize controls in a manner that address the right threats, is implementable within the...
Elewa Ali: Recommendations For Building A Comprehensive ICS Cybersecurity Program
Risk assessments enable leadership to make informed, high-level business decisions about cybersecurity initiatives. Restructuring the network and proactively updating aging hardware and software can help a plant better secure its control systems. "Standalone machines...
Gabriel Agboruche: Strategies For Securing Digital Assets In Nuclear Power Plants
People often don’t recognize there are risks when you open up your network to certain types of technologies or even vendors. Know what you have, all the current configurations of those devices, understand what those devices control, and understand how the data is...
Jacob Laas Glass: OT Security Begins With A Technical Standard Of Critical Security Elements
New tools detect OT devices and their configurations and providing greater visibility, but there still can be areas of uncertainty. When in doubt, assume a protection is not there. When something is added to the system, one way or another the standard of critical...
Jose Mendez: There Must Be Standard Operating Procedures For The OT Network
One way to document everything is to start with a vendor who can make a complete assessment and report on all your PLCs and controllers, and then move forward from there. OT network controls need to include proper onboarding of new systems, proper patching, proper...
