AUGUST: Detection

Of the five original NIST Cybersecurity Framework Objectives (Identify, Protect, Detect, Respond, and Recover), Detect has received the most attention in venture capital and media. It has gone so far that I’ve run into many asset owners who believe buying a product from Armis, Claroty, Dragos, or Nozomi Networks is the first thing they should do in an OT security program. It isn’t even the first thing that should be done in your OT detection efforts. 

The next few weeks will help you prioritize your detection efforts, again with the goal of efficient risk reduction.

Week 31: Identify OT Detection Information Sources

Before you go out and spend a lot of resources to purchase, deploy, and run a sophisticated OT cyber detection system, ask yourself if you are taking advantage of existing, higher fidelity detection sources.  This week’s task is to use interview and brainstorming...

read more

Week 33: OT Security Log Management

Security logs are essential in incident response and after incident investigations. Do you know: What OT security related logs you have? where they are? where they’re archived?  who is responsible for the log?  would the log still be available after a cyber incident? ...

read more

Week 34: Planning And Implementing Your OT Detection

In Week 42 you decided what detection sources you will monitor and analyze. Now you need to make it happen. Develop and start implementing a plan to monitor and analyze each OT detection information source above the line in Week 42.  The task this week is to, at...

read more