Cybersecurity smorgasbord
Key Highlights
- The list covers defining scopes, identifying assets and managing data for effective OT cybersecurity.
- It details six steps for implementing IEC 62443 standards, including risk assessment and system maintenance.
Inventory and taxonomy
This online publication, “Foundations for OT cybersecurity: asset inventory guidance for owners and operators,” shows how to define scopes and objectives, identify assets, collect attributes, create OT taxonomies, manage data, and implement asset lifecycle management to protect their processes, equipment systems and facilities.
Cybersecurity & Infrastructure Security Agency
How to adopt IEC 62443
This online article, “A practical approach to adopting the IEC 62443 standard” takes users through the six main steps for implementing a cybersecurity management system (CSMS), including securing management support, identifying and assessing risks, establishing awareness, deploying countermeasures, and CSMS maintenance.
ISA Global Cybersecurity Alliance
IT and OT cooperate
This one-hour video, “Practical, industrial control system cybersecurity: IT and OT have converged—discover and defend” by Doug Wylie and Dean Parsons of SANS and Ted Gary of Tenable, covers assessing connected assets for vulnerabilities and security controls, passive monitoring and active scanning, and patching strategies and techniques for effective lifecycle management of IT and OT architectures.
Two incident histories
This 37-page document, “History of industrial control system cyber incidents” by Kevin Hemsley and Ronald Fisher of Idaho National Laboratory, charts publicly reported cyber-threats to critical infrastructures during 2000-2017, which sheds light on cyber-threats to industrial control systems (ICS). A 49-page follow-up document, “Evolution and trends of ICS cyber-incidents,” covers 2017-22.
Get your subscription to Control's tri-weekly newsletter.
Multiple NIST sections
This webpage, “Cybersecurity and privacy,” links to NIST’s many cybersecurity resources. These include Cybersecurity Framework (CSF) 2.0, National Cybersecurity Center of Excellence (NCCoE), Small Business Cybersecurity Corner and Computer Security Resource Center.
National Institute of Standards and Technology
Some advice from France
This 44-page whitepaper, “Cybersecurity of industrial control systems” covers ICS myths, vulnerabilities, human negligence, deployment methods, raising awareness, risk analyses, defense in depth, alert chains, recovery plans, systemwide approaches and best practices.
Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI)
Protecting endpoints
This blog post, “Endpoint security checklist for OT organizations,” covers gaining visibility of network endpoints, prioritizing gaps with a risk-based approach, and establishing ongoing cybersecurity processes.
EPA on water utilities
This webpage, “EPA cybersecurity for the water sector,” covers how to perform cyber-evaluations and request help, develop response plans, participate in exercises and technical assistance courses, and seek funding.
U.S. Environmental Protection Agency
Five videos from Microsoft
These five 11- to five-minute videos, “Introduction to ICS/OT cybersecurity,” cover general information about industrial control system (ICS) and operations technology (OT) environments, potential gaps in security, and recommendations about how to be better prepared in case of a cyber-attack.
