Michael Jacobs, Principal ICS Security Architect, Saudi Aramco
OT Security Begins With People, Understanding The Environment, And Selecting The Right Controls
- Begin an asset inventory with a physical walkthrough to trace cables and boxes. Then use the control network and network traffic to identify devices and configurations.
- Prioritize controls in a manner that address the right threats, is implementable within the OT/ICS environment, actually reduces risk of an attack, is cost effective, and minimizes operational and safety risk.
“Manual identification and correlation [of ICS assets] is possible, but an automated tool makes the task easier and faster.”
Having extensive experience in securing both OT and IT environments, Michael Jacobs has first-hand understanding of how these two realms differ from one another, yet how they increasingly depend on each other. When thinking about the advice he would offer a chief information security officer (CISO) faced with the challenge of securing a plant environment, Jacobs stresses understanding the environment.
This is an excerpt from Reducing Industrial Risk. The eBook was generously sponsored by PAS.
