1660601538061 Cybersecuritytodolist2

OGE cybersecurity checklist

July 15, 2019
Jason Nations of OGE Energy Corp. detailed his cybersecurity to-do list during his presentation at ARC Industry Forum 2019.

Each process application has its own unique characteristics, and so each has its own vulnerabilities and cybersecurity tasks to perform. Jason Nations, senior enterprise security manager at OGE Energy Corp., Oklahoma City, detailed his cybersecurity to-do list during his presentation at ARC Industry Forum 2019 earlier this year in Orlando. It's assignments include:

  • Inventory and understand your operating environment, assets and equipment, and find security gaps in them;
  • Segment the network with firewalls into sub-networks determined by role-based assets and applications;
  • Get all internal staff onboard, and find partners and vendors, so all can help define cybersecurity use cases;
  • Follow cybersecurity best practices from recognized organizations, such as NIST's Cybersecurity Framework and the U.S. Dept. of Energy's Cybersecurity Capability Maturity Model (C2M2);
  • Base all decisions on risk to answers questions like what are our critical processes?
  • Take care of low-hanging fruit, such as settling on DCS group policies, etc;
  • Plan and coordinate cybersecurity software and hardware deployments with field personnel;
  • Steadily develop a cybersecurity culture, in part by building relations between IT and OT operators in the field;
  • Prioritize threat intelligence feeds and limit cybersecurity windows for analysts, so they can focus their efforts and be more effective; and
  • Once basic cybersecurity policies, procedures and solutions like anomaly detection are established, begin to actively hunt for threats.  
About the author: Jim Montague
About the Author

Jim Montague | Executive Editor

Jim Montague is executive editor of Control. 

Sponsored Recommendations

Measurement instrumentation for improving hydrogen storage and transport

Hydrogen provides a decarbonization opportunity. Learn more about maximizing the potential of hydrogen.

Get Hands-On Training in Emerson's Interactive Plant Environment

Enhance the training experience and increase retention by training hands-on in Emerson's Interactive Plant Environment. Build skills here so you have them where and when it matters...

Learn About: Micro Motion™ 4700 Config I/O Coriolis Transmitter

An Advanced Transmitter that Expands Connectivity

Learn about: Micro Motion G-Series Coriolis Flow and Density Meters

The Micro Motion G-Series is designed to help you access the benefits of Coriolis technology even when available space is limited.