OT Cybersecurity in 2021 and Beyond Series: Part III – Protection

“…organizations must assume in their planning of not only a malfunctioning or inoperative control system, but a control system that is actively acting contrary to the safe and reliable operation of the process. Organizations need an OT resilience plan…”

U.S. CISA, Alert (AA20-205A)

Industrial control systems (ICS) and operational technology (OT) were hot targets in 2020. Mid-year, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued alert AA20-205A to “reduce exposure across operational technologies and control systems” in response to “the increase in adversary capabilities and activity” and a “time of heightened tensions.”

The increasing frequency and sophistication of successful OT cyber-attacks serve as a wake-up call to all network administrators and cybersecurity teams, IT and OT alike: the smallest hole in today’s cyber defenses gives adversaries a vector for attack. It’s time to ensure critical processes and operations are resilient to today’s cyber threats. And to help, Mission Secure collaborated with guest authors from various perspectives to share their insights on what’s next for OT cybersecurity and what organizations need to consider as they plan their 2021 cyber-protection strategies and beyond. This series covers three key topics: the threat landscape (Part I), risk management (Part II), and protection.

In Part III, Julian Clark of Ince, an international legal and professional services firm; Steve Mustard of the International Society of Automation, a non-profit professional association and standards organization; and Mission Secure’s Don Ward discuss the future of OT cyber protection, regulations, standards, and recommendations for a robust and resilient defense. Check out their responses organized by topic and see how operations may bolster their OT cyber protection and risk management in 2021 and beyond.

Question: Will 2021 see any changes in regulations or standards? What will be the top OT cyber (Read more...)

*** This is a Security Bloggers Network syndicated blog from The Mission Secure Blog authored by Roark Pollock. Read the original post at: