Five Critical Controls for OT Cybersecurity

by | Dec 19, 2022 | Cybersecurity

Jim Cahill

Jim Cahill

Chief Blogger, Social Marketing Leader

Dragos: Five Critical Controls for World-Class OT CybersecurityAt the October Emerson Exchange conference in Texas, Dragos’ Robert M. Lee was a keynote speaker on cybersecurity practices. In his talk, Robert pointed to a new guide, 5 Critical Controls for World-Class OT Cybersecurity (signup required for download). Emerson and Dragos have been working together for many years to enable organizations in dozens of industries to strengthen the security of their OT environment further and defend their critical assets.

I’ll highlight a few takeaways from the guide and invite you to request a copy. The guide first highlights the importance of senior management support.

Why is top-down alignment so crucial? When cybersecurity strategies come from the bottom up, teams tend to address them with the resources that they have. As a result, many efforts aren’t resourced correctly, which opens the organization to unnecessary risk.

It’s also difficult to scale. Getting every plant manager educated and on board is rarely realistic, while putting the responsibility on leadership enables a bias for action.

Having the company’s board aligned with what would be required is also essential. The guide shares three ways to speak with the board.

  1. Use real-world scenarios
  2. Research previous attacks
  3. Explain the difference between IT and OT [operational technology]

Once education and alignment are attained, prioritization is critical.

Start by asking executives for a top-to-bottom list of the most important sites in the company. That list will act as a prioritization tool, enabling IT and OT to work together to decide what systems and locations to focus on first.

Use the scenarios from the initial conversations to establish how much priority each site should receive and how to balance operations across prevention, detection, and response. What you learn from the “A” sites, you can then apply to the “B” and “C” sites.

These are the five critical controls for effective OT cybersecurity.

  1. An ICS-specific [integrated control system] incident response plan
  2. A defensible architecture
  3. OT Visibility: asset inventory, vulnerability mapping, & monitoring
  4. Secure remote access
  5. Key vulnerability management

Download the guide for more on these critical controls, and visit the Enhance Cybersecurity Protection section on Emerson.com for more ways to solidify and maintain your OT cyber defenses.

Popular Posts

Comments

Subscribe for Updates

Follow Us

We invite you to follow us on Facebook, LinkedIn, Twitter and YouTube to keep up to date on all the latest news, events and innovations to help you take on and solve your toughest challenges.

Want to re-purpose, reuse or translate content?

Please do, Just link back to the post and send us a quick note so we can share your work. Thanks!

Our Global Community

Emerson Exchange 365

The opinions expressed here are the personal opinions of the authors. Content published here is not read or approved by Emerson before it is posted and does not necessarily represent the views and opinions of Emerson.