At the October Emerson Exchange conference in Texas, Dragos’ Robert M. Lee was a keynote speaker on cybersecurity practices. In his talk, Robert pointed to a new guide, 5 Critical Controls for World-Class OT Cybersecurity (signup required for download). Emerson and Dragos have been working together for many years to enable organizations in dozens of industries to strengthen the security of their OT environment further and defend their critical assets.
I’ll highlight a few takeaways from the guide and invite you to request a copy. The guide first highlights the importance of senior management support.
Why is top-down alignment so crucial? When cybersecurity strategies come from the bottom up, teams tend to address them with the resources that they have. As a result, many efforts aren’t resourced correctly, which opens the organization to unnecessary risk.
It’s also difficult to scale. Getting every plant manager educated and on board is rarely realistic, while putting the responsibility on leadership enables a bias for action.
Having the company’s board aligned with what would be required is also essential. The guide shares three ways to speak with the board.
- Use real-world scenarios
- Research previous attacks
- Explain the difference between IT and OT [operational technology]
Once education and alignment are attained, prioritization is critical.
Start by asking executives for a top-to-bottom list of the most important sites in the company. That list will act as a prioritization tool, enabling IT and OT to work together to decide what systems and locations to focus on first.
Use the scenarios from the initial conversations to establish how much priority each site should receive and how to balance operations across prevention, detection, and response. What you learn from the “A” sites, you can then apply to the “B” and “C” sites.
These are the five critical controls for effective OT cybersecurity.
- An ICS-specific [integrated control system] incident response plan
- A defensible architecture
- OT Visibility: asset inventory, vulnerability mapping, & monitoring
- Secure remote access
- Key vulnerability management
Download the guide for more on these critical controls, and visit the Enhance Cybersecurity Protection section on Emerson.com for more ways to solidify and maintain your OT cyber defenses.