Ayo Folorunso Agunbiade: For Better ICS Security, Reduce Your Attack Surface
Application whitelisting and proper configuration and patch management reduces the attack surface and helps keep control systems more secure. Analyze potential attack vectors to reduce your environment’s overall attack surface and make it much more challenging for...
Robin Familara: Identity Access, Asset Inventory, And Incident Response Are Key
Identity access, asset inventory, and procedures for responding to and recovering from an attack are keys to a strong ICS cybersecurity program. Good communication between remote network engineers, on-site engineers and system owners makes it easier to update the...
Scott Saunders: Understanding Your Systems Is Key To ICS Security
Security professionals must first acquire a clear understanding of what they have and what it does before designing security controls to match. It’s important for plants to preserve institutional knowledge of the OT environment proactively before experienced...
James Shank: Robust ICS Security Requires A Multi-Layered Approach
To defend your ICS environment against an attack, analyze and assess network communications touching the outside world—particularly inbound transmissions. A single layer of defense can easily be defeated, but a multilayered system is much harder to compromise without...
Luiz Cancado: OT Cybersecurity Requires Total Business Buy-In
Understanding OT and IT environments not only means knowing what is in them, but also understanding how they operate together, and how they are different. The challenge in integrating IT and OT is not starting the process—because it’s already happening—but in doing it...
Everardo Trujillo: Security Professionals Need To Win The Trust Of OT Engineers
To be successful, the first thing security people need to do is sit down with OT engineers and learn from them. Gaining that trust is essential. Tools that provide visibility into the OT network help security gain a clearer idea of what they must protect, but they...
Kal Mian: OT And IT Must Understand Each Other’s Domain
Performing a risk assessment is key to establishing a stronger OT security practice. Vulnerability identification and prioritization should be done based on the criticality of the site and its systems to the business. "In the industrial control world, some controls...
Michael Jacobs: OT Security Begins With People, Understanding The Environment, And Selecting The Right Controls
Begin an asset inventory with a physical walkthrough to trace cables and boxes. Then use the control network and network traffic to identify devices and configurations. Prioritize controls in a manner that address the right threats, is implementable within the...
Elewa Ali: Recommendations For Building A Comprehensive ICS Cybersecurity Program
Risk assessments enable leadership to make informed, high-level business decisions about cybersecurity initiatives. Restructuring the network and proactively updating aging hardware and software can help a plant better secure its control systems. "Standalone machines...
Gabriel Agboruche: Strategies For Securing Digital Assets In Nuclear Power Plants
People often don’t recognize there are risks when you open up your network to certain types of technologies or even vendors. Know what you have, all the current configurations of those devices, understand what those devices control, and understand how the data is...