Common OT Security blocking points
Successful OT cyber security projects need the involvement of multiple stakeholders across the whole organisation; not only IT and security departments need to contribute, but also the shop floor staff. Shop floor managers typically have high workloads and productivity pressure; additionally, technical and organisational changes are usually limited to narrow maintenance windows. Quite often these timeframes are the only chance to run tests or execute implementations on a production line. Especially for those organisations that just started their journey to a higher OT Security maturity, these blocking points might be even more present.
To face these challenges, trustful relationships between cyber security and shop floor staff, as well as a strategic plan for OT Security are key. Now is the time to tackle these challenges and accelerate your OT Security program.
6 quick wins to use interruptions to enhance OT Security
Although the crisis causes production interruptions and raises challenges for organisations, the crisis also creates opportunities. Some of the mentioned difficulties for OT security are lessened during an interruption. Therefore we, at Airbus CyberSecurity, identified the following six quick wins to best use this opportunity to enhance your cyber-hygiene and accelerate your OT security program:
1. Determine your OT security maturity and risk exposure
Leverage the availability of key personnel to gather the required information to determine your security maturity. Take the chance to discuss potential threats with those who know the production line best and assess your risk exposure. Update existing documentations and create a holistic picture of your OT security maturity level.
2. Define your strategy and the corresponding roadmap to achieve your target OT security maturity
Consider your current OT security maturity and risk exposure to define your target OT security posture and create a strategic roadmap for your OT security program.
3. Update your OT security policies, guidelines and responsibilities
Effective policies, guidelines and responsibilities build the basis of every cyber security program. Once in place, they need to be updated regularly – especially if you implemented best practices or industry standards such as ISO 27001 and IEC 62443.
4. Enhance your OT asset management
Everyone in cyber security might have heard it at least once, “you can’t protect what you don’t understand”. Even though it may sound a bit obvious, it’s very true but often not thought of enough. An up-to-date asset inventory and well established processes to manage these assets is the basis for every OT security program. Therefore, use the time to gather as much information about your assets as you can in cooperation with your shop floor staff.
5. Investigate your vulnerable OT systems
Once the information about your assets is gathered, start investigating their security vulnerabilities; assess your assets and execute a penetration test on them. Use the results for your strategic planning and re-evaluate your plan for patching. Now is a good time to extend your vulnerability management activities.
6. Run cyber security awareness training for OT staff
Besides technical and organisational measures, your staff are a very important dimension of cyber security. Professional training and awareness for your OT staff can massively increase the effectiveness of all supporting security measures. For example, let your cyber security professionals and shop floor staff assume the role of an attacker or defender; use their knowledge about your production facility to discover new perspectives while boosting their awareness.
All of these quick wins turn challenges you might face today due to the crisis, into opportunities and support your company to emerge stronger and better protected.
How we can support you in boosting your OT Security
We at Airbus CyberSecurity help critical infrastructure and industry to build and maintain persistent CyberResilience for the interconnected industrial systems of tomorrow. Based on our experience, we offer various modular solutions for achieving the CyberResilience for Tomorrow our customers need. Our portfolio is tailored to the needs of critical infrastructure, industrial systems and shop floors; environments we at Airbus are very much familiar with. Take the opportunities the crisis creates for OT Security and talk to us today!
Find more information here.