8 Sep 2025 | A Year In OT Security
Last week you identified the types and number of OT cyber assets in each of the three security patching categories. This week you will take this information and develop an OT Security Patching Program and Schedule. Remember the guiding factor is efficient risk...
1 Sep 2025 | A Year In OT Security
Security patching can be a high resource task if you try to apply security patches to all your OT cyber assets on a frequent basis, such as monthly or quarterly. The risk reduction achieved through this large effort is typically minimal given the insecure by design...
25 Aug 2025 | A Year In OT Security
Good security practice requires user authentication on all systems and applications. It also requires users to logout or be locked out when they physically leave the area or leave the cyber asset idle for too long. Many OT environments and cyber assets don’t follow...
18 Aug 2025 | A Year In OT Security
You probably aren’t a physical security expert. I’m not. We should rely on people with domain expertise to design and evaluate physical security. Your task this week is to evaluate the physical security assumptions and plan at OT manned sites and areas. What are...
11 Aug 2025 | A Year In OT Security
In a perfect world, all removable media and portable computers connected to OT would be dedicated to OT. They would only be connected and used on OT. Never on IT or any other network. One way to achieve this is to deploy data transfer servers in an OT DMZ that can...
4 Aug 2025 | A Year In OT Security
Many OT security professionals have busted the airgap myth by asking questions on how software or firmware updates, schedules, recipes, anti-virus signatures, or applications are brought into the OT environment. They often are brought in through the approved OT...
28 Jul 2025 | A Year In OT Security
Your task this week will vary based on the type of system you operate. Asset owners with SCADA have more work this week. SCADA Systems SCADA systems monitoring and controlling geographically dispersed systems, such as pipelines, electric grids, and water delivery,...
21 Jul 2025 | A Year In OT Security
Predictive maintenance, efficiency studies and controls, security monitoring, and other cloud services can offer real benefits to asset owners. This trend of vendors offering, and asset owners using, cloud services is almost certain to increase. The challenge is to...
14 Jul 2025 | A Year In OT Security
Now that your OT remote access is secured, determine if the allowed remote access is necessary. Ideally user interactive remote access to OT for the purpose of performing control or administration should be rare. If this is the case, consider if it’s feasible to have...
7 Jul 2025 | A Year In OT Security
Most of the targeted, OT specific attacks, where the adversary has lived on the OT for many months, began with a compromise of remote access to OT. The limited OT cyber incident data we have clearly shows that multi-factor authentication (MFA) for OT remote access is...
