Knowing where to start can be the biggest roadblock to implementing a successful cybersecurity strategy for your organization. This exclusive OT Security Roadmap from Nicole Darden Ford, Rockwell Automation VP, Global Security & CISO outlines the recommended steps to secure OT Industrial Control Systems. The playbook aligns with the NIST framework, showing you step-by-step how to audit your current security state, identify gaps, and take a proactive approach to mitigate risk.
Step #1: Discover
- Know where you stand. Conduct a security and risk assessment – log all issues and review progress against findings.
- You can’t protect what you can’t see. You must gain a full understanding of what network assets you have on your plant floor and their current state. Start by conducting extensive network discovery and asset inventory.
Step #2: Remediate
- Work with stakeholders to prioritize assets and organizational risk levels. Take the necessary steps to eliminate, upgrade or replace unneeded, unused or unsupported OT applications and infrastructure. This will look different for every organization based on what you discover in step 1.
Step #3: Isolate
- Establish a perimeter by physically and logically segmenting your networks. Put up a firewall and establish the internal and external cybersecurity policies to protect your OT assets. Set up an on-prem Industrial Data Center to encapsulate critical applications inside the protected OT network.
- Enable third-party remote access. Third parties need access, but you must control the access and maintain visibility of what they’re doing in your network by enabling OT access controls.
- Secure endpoints with security software on plant floor assets.
Step #4: Monitor & Respond
- Now that you have a solid foundation in place, the next step is to implement OT network monitoring to provide real-time OT cybersecurity, including malicious event / asset risk alerting, network diagnostics, AI learning, and KPI dashboarding. The data only works for you if you are continuously viewing and reacting to it.
- Establish an OT SOC (Security Operations Center) for 24/7 real-time alert monitoring, acknowledgement, and triage. Cyberattacks aren’t limited to 9-5.
- Create an integrated IT/OT cyber event response team. Define event response and isolation protocols. IT/OT must have equal involvement and buy-in for these protocols to be successful. Execute Table-Top exercises to simulate attacks and outcomes.
Looking for more information or wondering exactly how your organization stacks up against cyberattacks? Take our Cybersecurity Preparedness Assessment to receive a customized report that will help you identify gaps, prioritize next steps, and compare yourself to industry averages.