
Five controls for OT cybersecurity

Dec. 2, 2022
Cybersecurity week 2022—day 5: Dragos details five control policies/procedures for successful cybersecurity

Operations technology (OT) cybersecurity is finally getting more of the attention it deserves, but Dragos Inc. reports that executive buy-in and five control policies/procedures are needed for a successful cybersecurity program. To gain executive understanding and support, a cybersecurity advocate should present executives with real-world examples of cyberattack impacts and how much they cost; research prior incidents, including U.S. Securities and Exchange Commission (SEC) filings by firms that were impacted; explain the difference between information technology (IT) and OT; and stress that executives must support OT cybersecurity as well as IT cybersecurity.

The five controls for cybersecurity are:

  • Create a dedicated industrial control system (ICS)-specific incident response plan that addresses OT device types, communication protocols, procedures, tools and languages. Include points of contact, such as employees with cybersecurity skills in each facility, and add thought-out steps for specific cyber-scenarios at each location. Consider performing tabletop exercises to test and improve response plans.
  • Establish a defensible architecture by hardening the environment—remove extraneous OT network access points, maintain strong policy control at IT/OT interface points, and mitigate high-risk vulnerabilities. Invest in training people in skills for adapting to new vulnerabilities and cyber-threats.
  • Maintain visibility and monitoring with an inventory of assets. Map vulnerabilities against assets and mitigation plans, actively monitor network traffic for cyber-threats, and respond as needed. Visibility of assets validates implemented security, and threat detection enables scaling as networks grow.
  • Implement multi-factor authentication (MFA) across OT systems for an extra, low-cost layer of cybersecurity. If MFA isn’t possible, consider using a jump host with focused monitoring to manage devices in a separate security zone. Focus on connections in and out of a network, rather than links within the network.
  • Perform key vulnerability management by maintaining timely awareness of vulnerabilities that apply to the environment with correct, updated information and risk ratings. Also, maintain alternative mitigation strategies to minimize exposure, while continuing to operate.

About the Author

Jim Montague | Executive Editor

Jim Montague is executive editor of Control. 
