Industrial cybersecurity has always been a challenge. As complex as it is already, the pandemic we are facing in 2020 further complicates things. According to the recent report by the ARC Advisory Group, the number of remote workers among industrial organizations has increased by 53%, creating additional tasks for IT and OT professionals. At the same time, only about a quarter of industrial companies have developed a strategic incident response plan.

While some of the large industrial enterprises may have sufficient budgets and competent professionals to effectively tackle an OT security project, others experience a lack of resources. According to the same report, 24% of industry organizations have experienced a reduction in their ICS budget. The paradox is that access needs are growing, requiring remote visibility of the most critical areas of their industrial infrastructures.

Structured approach to OT security

There’s good news for companies that are thinking about how to approach their OT security program. By following the 5 universal steps outlined below, any industrial organization can recognise, structure and prioritize its real security needs. Furthermore, it can identify the most requested actions within the available budgets and resources.

PHASE 1. Conducting the security audit

Companies often underestimate the importance of cybersecurity diagnostics. However, this step is critical for sensitive OT networks, as it allows you to gain visibility into your existing security processes. It also helps you identify problems, set proper security goals, and plan next steps with confidence. By gaining an understanding of which technologies are really needed, you can spend your budget wisely.

PHASE 2. Find the technologies for security

With the high diversity of OT environments across multiple industry verticals, it may be challenging to find a single technology or vendor that can address all of a customer’s OT security requirements. It is more common to find a combination of compatible technologies that can scale for the needs of the industrial organization. If there is no suitable solution on the market, the best option may be to look for a suitable technology among large or small security vendors or even develop it from scratch.

PHASE 3. Properly implement security

Continuity of industrial processes and human and environmental safety are top priorities for OT networks. Therefore, OT security solutions must be carefully implemented and configured according to local and international compliance standards, which include ISO/IEC 27001, NIST SP, ISA/IEC 62443, NERC CIP and other relevant standards.

PHASE 4. Professional security management

Managing OT security can be complex, covering multiple areas and requiring different security management skills. Furthermore, the cybersecurity approach of IT and OT networks is different, leading to a shortage of security professionals among industrial organizations. Industrial enterprises can overcome this challenge by filling security management roles and governing security projects, internally or with outsourced SOC services. Constant security monitoring helps recognize suspicious patterns and detect security incidents and cyber attacks in their early stages.

PHASE 5. Continuing security training

Cybersecurity is an area in constant development, requiring the contribution of every employee within an industrial organization. Common security awareness training is used to develop security skills and healthy daily habits among non-IT teams and C-level managers. At the same time, advanced training, including dedicated OT security, Threat Intelligence and other advanced courses, is used to enhance the skills of IT and OT security professionals responsible for protecting OT infrastructures against cyber-attacks.

Important note

This article is intended for educational and informational purposes only. Any unauthorized action towards any control system present on a public or private network is illegal! The information contained in this and other articles is intended to make people understand how necessary it is to improve defense systems, and not to provide tools for attacking them. Violating a computer system is punishable by law and can cause serious damage to property and people, especially when it comes to ICS. All the tests that are illustrated in the tutorials have been carried out in isolated, safe, or manufacturer-authorized laboratories.

Stay safe, stay free.