OT Security Begins With A Technical Standard Of Critical Security Elements
- New tools detect OT devices and their configurations and providing greater visibility, but there still can be areas of uncertainty. When in doubt, assume a protection is not there.
- When something is added to the system, one way or another the standard of critical security elements must always be met for the system as a whole.
“Every time we install something, we apply a Swiss cheese model against the standard. If there’s something we can’t do, we look for what we can do in the system to cover for that security element.”
Jacob Laas Glass, who is responsible for integrated operations and ICS security on six offshore oil platforms, knows what would make ICS security easier for him. “Vendors always think their system is the only system in the world that’s going to install on a platform,” he says. “But if they had the view that they are part of a much bigger thing, we would have a much simpler solution offshore. That would be my request. Please, vendor, consider you are not the only one in the world.”