12 May 2025 | A Year In OT Security
Your IT network has been compromised. Your OT network seems to be working fine, but you’re worried that the compromise will spread to OT. What do you do? Colonial Pipeline faced this situation in 2021 when ransomware infected their IT network. Their response? Shut...
5 May 2025 | A Year In OT Security
The most frequent category of a cyber attack caused outage in OT and Operations, is ransomware infecting systems on the IT network, also called the corporate or enterprise network. Stated another way, most cyber incidents causing an outage in Operations never reach...
28 Apr 2025 | A Year In OT Security
Common complaint in OT security: the company won’t spend money on OT security. This week you begin to experience the joy of getting funding for your OT cyber risk reduction project. Let’s review this month’s activities: You’ve identified and understood the safety and...
21 Apr 2025 | A Year In OT Security
If any of your failure scenarios from last week required isolating the safety and protection devices and systems from OT, then this week you will design your solution. Note: Even if you don’t need to isolate your safety and protection you should read this section. The...
14 Apr 2025 | A Year In OT Security
Last week you identified failure scenarios that could cause a high consequence event when OT is compromised. This week’s task is simple and important. For each failure scenario from Week 15, identify a solution that would prevent the high consequence event if OT were...
7 Apr 2025 | A Year In OT Security
This week’s task builds on the information collected in the previous five weeks and provides a key output for your OT security program. It identifies the high consequence events that could be caused by a cyber incident if an attacker gains access to and control of OT....
1 Apr 2025 | A Year In OT Security
The tasks in April are the most important, and the most rarely done, tasks in OT security and cyber risk management. This should be clearer after March when you learned about your company and its risk management program. In a perfect world, systems would work 100% of...
31 Mar 2025 | A Year In OT Security
Last week you identified the high consequence events related to the industrial process being monitored and controlled in OT. This week you learn what is in place to prevent these high consequence events. The engineers who designed the process are again your primary...
24 Mar 2025 | A Year In OT Security
Many industrial processes can go bad in ways that cause catastrophic events. Loss of life. Severe property damage. Environmental disasters. If something gets too hot, spins too fast, mixes with the wrong chemicals, vibrates too much … BOOM! Your task this week is to...
17 Mar 2025 | A Year In OT Security
This week’s task requires a discussion with the Finance department. Cybersecurity people in OT and IT often overestimate the financial impact of an outage. In one way, this is a good thing. It means the individual and team will work hard to avoid an outage because...
