ICS Security Tips for IT Pros

As more and more industrial control system (ICS) devices become interconnected in many industries, information technology (IT) and plant operations engineering teams and technology – (often referred to as  OT) – are converging rapidly. Convergence is challenging for both areas, often creating gaps, causing conflict and leaving security risks unresolved.An effective cybersecurity program starts by building a bridge between the two. As such, IT professionals need to make an effort to understand OT’s priorities and unique environment requirements and goals, and vice versa.Dave Meltzer, chief research officer at Tripwire, reflects on this latter imperative:“For IT security pros that want to start to cooperate on security with OT, learning about how OT works is a great starting place. Whether that means buying a PLC training kit and learning what these devices actually look like in OT environments, or taking an Industrial Security Controls class, or just reading a book on the subject, it is beneficial for IT professionals to go in with an open mind and learn about the unique challenges that exist on the plant side of the business.”Indeed, as an IT professional, you think you know cybersecurity, but you might be surprised to learn that your security concerns are very different than those of a plant operator. Look for a greenfield project where new technology allows for IT to get involved without concern for the typical constraints imposed by prior brownfield or legacy infrastructure. When it comes to brownfield and existing infrastructure, integrating newer technology and methods with outdated and legacy systems can potentially disrupt operations.Meanwhile, OT professionals operate in a high-trust environment and don’t believe in “Fear, Uncertainty, and Doubt.” Uptime and availability is their top concern, and plant operators tend to dislike you IT pros on the shop floor. When it comes to identifying, prioritizing and classifying assets, they’re typically concerned with the top 10 percent that have the highest impact to process controls and system availability.

Leave a Reply