Michael Jacobs

Michael Jacobs, Principal ICS Security Architect, Saudi Aramco

OT Security Begins With People, Understanding The Environment, And Selecting The Right Controls

  • Begin an asset inventory with a physical walkthrough to trace cables and boxes. Then use the control network and network traffic to identify devices and configurations.
  • Prioritize controls in a manner that address the right threats, is implementable within the OT/ICS environment, actually reduces risk of an attack, is cost effective, and minimizes operational and safety risk.

“Manual identification and correlation [of ICS assets] is possible, but an automated tool makes the task easier and faster.”

Having extensive experience in securing both OT and IT environments, Michael Jacobs has first-hand understanding of how these two realms differ from one another, yet how they increasingly depend on each other. When thinking about the advice he would offer a chief information security officer (CISO) faced with the challenge of securing a plant environment, Jacobs stresses understanding the environment.

This is an excerpt from Reducing Industrial Risk. The eBook was generously sponsored by PAS.