Security in a Converging IT/OT World

by Bengt Gregory-Brown and Derek Harp
Sept. 1, 2017 1 comment SANS Institute Management

In this paper we look at the challenges in securing ICS environments and recommendations for effective ICS security. OT cyber security is a relatively young field with few experts, but a great deal can be judiciously drawn from IT experience. The fundamentals are the same: controlling access to devices and applications; monitoring networks to identify potential issues and direct appropriate responsive action; oversight and periodic reviews of controls and their effectiveness; securing the supply chain; and securing the human factor through awareness training. It is in the design and application of these basics to the particular considerations and technical nature of control systems and process control networks (PCNs) that things diverge the most, and it is here that we will focus.

Irina Alexandra Negrii 7 months, 1 week ago

IT and OT are both essential to a holistic and hardened cyber security posture. But where IT security is focused on managing and protecting data, OT cyber security focuses on protecting specific processes and commands