版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领
文档简介
UnlockingCyberResilienceinIndustrialEnvironments:FivePrinciples
WHITEPAPER
NOVEMBER2023
Images:Midjourney,GettyImages
Contents
Executivesummary
3
Introduction
4
1GuidingprinciplesforcyberresilientOTenvironments
7
2ActionableapproachestoimplementingOTcybersecurity
8
principles
3MonitoringtheimplementationofOTcybersecurityprinciples11
4EnablinginnovationinOT
12
Conclusion
14
Contributors
15
Endnotes
17
Disclaimer
Thisdocumentispublishedbythe
WorldEconomicForumasacontribution
toaproject,insightareaorinteraction.
Thefindings,interpretationsand
conclusionsexpressedhereinarearesult
ofacollaborativeprocessfacilitatedand
endorsedbytheWorldEconomicForum
butwhoseresultsdonotnecessarily
representtheviewsoftheWorldEconomic
Forum,northeentiretyofitsMembers,
Partnersorotherstakeholders.
©2023WorldEconomicForum.Allrights
reserved.Nopartofthispublicationmay
bereproducedortransmittedinanyform
orbyanymeans,includingphotocopying
andrecording,orbyanyinformation
storageandretrievalsystem.
UnlockingCyberResilienceinIndustrialEnvironments:FivePrinciples2
November2023
UnlockingCyberResilience
inIndustrialEnvironments:
FivePrinciples
Executivesummary
Thedigitalizationandconnectednessofindustrialenvironmentsisopeningupbusinessopportunitiesandenhancingoperationalefficiency.Atthesametime,itexposesorganizationstocyberattacksthatcanoffsetthesegains.
Today’sindustrialenvironmentconsistsof
operationaltechnologies(OT)which,accordingtosomesources,arelargelyoutdated.1Theyhaveinteroperabilityandconnectivitylimitations,and
weakornosecuritymanagementcapabilitiesandprocedures.2
TheincreasedconvergenceofOTwiththetraditionalITenvironmentisleadingtoanincreaseininherentvulnerabilities,whicharedoublingeveryyear.3
TheOTenvironmentisfundamentalforensuringthecontinuationofindustrialoperationsthatkeepglobaleconomiesandinfrastructuresrunning.ToimproveOTenvironmentsecurity,theWorldEconomic
Forumincollaborationwithpartnersfromthe
electricity,manufacturing,andoilandgasindustries,hasdevelopedalistofguidingprinciples.Combinedwithasetofbestpractices,theseaimtohelpcyberleadersensureacyberresilientOTenvironmentforuninterruptedandefficientbusinessoperations.
Principle1:Performcomprehensiverisk
managementoftheOTenvironment.
Principle2:EnsureOTengineersandoperatorsofinstallationshaveresponsibilityforOTcybersecurity.
Principle3:Alignwithtoporganizational
leadership,strategicplanningteamsandthirdpartiestomakesecurity-by-designareality.
Principle4:MakecybersecuritystandardsandbestpracticescontractuallyenforceableonpartnersandvendorstobuildacybersecureOTenvironment.
Principle5:Runjointtabletopexercisestoensurepreparednessincaseofanactualincident.
Theseprinciplesandbestpracticescanhelp
organizationssafeguard,maintainandmonitor
theirindustrialOTenvironmentaswellasensure
businesscontinuity.WhilemanyorganizationsmayalreadyhavesomemeasuresinplacetoensureacyberresilientOTenvironment,sharedguidance
canhelpmanagecyberrisksattheecosystemleveltoincreasesystemicresilience.
UnlockingCyberResilienceinIndustrialEnvironments:FivePrinciples3
Since2021,themanufacturing
sectorhasbeen
themosttargeted,experiencing61%ofcyberattacks.Theoiland
gas(11%),
transportation
(10%)andutilities(10%)sectorshavebeennext.
Introduction
WhydoesOTcybersecurity
matter?
Theindustrialinfrastructureandoperations
landscapesareundergoingaprofound
transformationduetotechnologicalinnovation.Agrowingconvergenceofinformationtechnology(IT)andoperationaltechnology(OT)isdrivenbythe
rapidadoptionofcutting-edgetechnologieslike
bigdata,digitaltwinsandtheindustrialinternetofthings(IIoT).Thesetwodomainsareexpectedtobecomeincreasinglyintricateandinterconnectedovertime.Thisinexorableshiftisexemplified,in
part,bytheprojectedIIoTmarketgrowth,4whichisexpectedtosurgefromapproximately$85.5billionin2023tonearly$169.6billionby2028.
WhatisthedifferencebetweenITandOT?
Informationtechnologyreferstotechnologies
includingcomputersandnetworksthatstore,
processandtransmitinformation,whileoperationaltechnologyencompassesindustrialcontrolsystems(ICS)thatoperate,controlandmonitorindustrial
equipmentandprocesses.
ThegrowingsynergybetweenITandOT,commonly
referredtoasIT/OTconvergence,presents
numerousopportunitiesforindustrialorganizations.Theseincluderemotecontrol;real-timemonitoring;enhancedvisibilityofmachinery,plantsandassets;simplificationofanomalydetection;improved
operationalefficiencyandproductivity;andfasterdecision-makingprocesses.
However,thisnewfoundconnectivitybetweenOTdevicesandITnetworksalsoexpandsthecyber
risklandscape,introducingbothintentionaland
unintentionalcybersecuritythreats.Traditionally,theOTenvironmentremained“air-gapped,”meaningitwasnotconnectedtotheinternet,andexternalhardwareandremovablemedia(e.g.USBdrives)weretheprimarycybersecurityconcerns.Asthesetwoenvironmentsmerge,cybersecuritybreachescaninfiltratefromITtoOTthroughmeanssuchasinternetmalwareinfectionandunauthorizedaccessviamobiledevices.
Today,OTenvironments,inlargepart,relyonlegacytechnologiesbuilttoperformspecifictasksand
operatingonspecializedsoftwareandproprietary
protocols.Oftendesignedwithoutcybersecurity
inmind,manyoftheselegacysystemshavebeenproducedbynow-defunctmanufacturerswhose
softwareupdatesareinfrequentanddifficultto
implement,ultimatelyleavingthemexposedto
securitythreats.Infact,arecentstudybyMicrosoftfoundthat75%ofindustrialcontroldevicesare
unpatchedandfeaturehigh-severityvulnerabilities.5Otherthreatfactorsincludeimpropernetwork
segmentation–which,accordingtoDragos,
happenstobethecasefor50%oforganizations6–orpoorremote-accesspractices.
Maliciousactorsdonotshyawayfromexploiting
suchvulnerabilities.AreportbyMcKinseyshows
thatOTcybereventshaveincreasedby140%from2020to2021.7Ofthoseevents,35%sustained
physicaldamagewithanestimatedimpactof$140millionperincident.8Thatsaid,itisimportantto
notethatnotallindustriesareequallyimpacted
byOTattacks.Forinstance,since
2021
,9the
manufacturingsectorhasbeenthemosttargeted,experiencing61%ofcyberattacks.Theoiland
gas(11%),transportation(10%)andutilities(10%)sectorshavebeennext.
Organizationsinthemanufacturing,oiland
gas,andelectricityindustriesboredamages
amountingto$2.8milliononaveragein2021.10Inadditiontofinanciallosses(directlyfromthe
damageandfromrelateddowntime),dataand
intellectualpropertytheft,andreputationdamage,cybersecuritybreachesinOTenvironmentscanhaveconsequencessuchas:
–Damagetotheenvironment.
–Exposureofpeopleandpersonneltodangerousconditions.Gartnerpredictsthatby2025,
maliciousactorswillbeabletoweaponizetheOTenvironmenttocauseharmorlossoflife.11
–Reducedavailabilityandqualityofessential
goodsandservicesincludingenergy,healthcareandtransportation;thiscantriggerbehaviourssuchaspanic-buyingandstockpilingby
consumers.
–Legalandregulatoryviolationsresultinginfines,lawsuitsandregulatoryscrutiny.
–Implicationsfornationalsecurityandpublic
safety,giventhatOTisasignificantcomponentofcriticalinfrastructure,andanylevelof
cybersecurityriskcanbeconsideredcritical.
UnlockingCyberResilienceinIndustrialEnvironments:FivePrinciples4
FIGURE1Cyberincidentsintheoilandgasindustry
Stuxnet
Iran,2010
Firstdocumentedtargeted
cyberattackonindustrial
controlsystems(ICSs)to
exhibitphysicalconsequences
BlackEnergy
Ukraine,2015
Remoteintrusionsatthree
regionalelectricitydistributioncompaniescausedpower
outagesforapproximately225,000people
Industroyer2
Ukraine,2022
Version2ofthe2016
malwarecausedmultipledisruptionsofenergy
distributionand
transmissionoperations
Triton
SaudiArabia,2017
Deploymentofmaliciouscode
disabledsafetysystemsdesignedtopreventcatastrophicindustrialandphysicalaccidentsandcost$1trillion
SuncorEnergyCanada,2023
InJune2023,SuncorEnergy
sufferedacyberattack
impactingpaymentoperationsatPetro-CanadagasstationsacrossCanada.Customers
wereunabletousecreditcardrewardspointstocomplete
theirpurchases
2012
2016
2021
Today
2015
2017
2022
2023
2010
Shamoon
SaudiArabia,2012
WipermalwareaffectedseveralITmachinesthatdisruptedtheindustrialoilandgasoperations,withrecoverytakingmorethantwoweeks
Industroyer
Ukraine,2016
Malwarecreatedlargedisruptionsandpoweroutagesto20%ofKyivpopulation
Colonialpipeline
USA,2021
Ransomwarecrippledfuel
suppliesto50millionAmericansfor11days,costing$4.4millionandbranddamage
Europeanoilhubs
Europe,2022
CyberattackontheAmsterdam-Rotterdam-Antwerp(ARA)oil
hubsconsiderablydisruptedtheloadingandunloadingofrefinedproductcargoesacrossseveralEUcountries
FloridaWaterFacility
USA,2021
Malicioususeruppedthe
levelsofsodiumhydroxide
from100partspermillion
to11,100partspermillion,
impactingsafetyand
humanlives
.
–forinstance,whetherthesedevicesareobsoleteorsupported,theirvulnerabilitiesandwhattheyareconnectingto–bothintheITandOTenvironments.Organizationsshouldbeabletoinvestigatethe
systemsandprocessesineachzoneandproviderecommendedsecuritycontrols.
Supplychainandthird-partyrisk.
Astudyfoundthat40%ofOTcybersecurity
practitionersconsidersupplychain/thirdparty
accesstotheOTenvironmenttobeoneofthetopthreecybersecurityrisks.14Whereassuchconcernsmaybemotivatedbytheweakercybersecurity
practicesofthirdparties,OTcybersecuritycan
alsobecompromisedbydeliberatetamperingof
third-partyhardware,softwareorfirmware.Thiscanhappenduringthemanufacturing,distributionor
maintenanceprocesses.
Toensureastrongcybersecuritypostureacrossorganizationsandindustries,robustcybersecuritymeasuresmustbedevelopedandimplementedtoprotectbothITandOTenvironments.
Whataretheexisting
cybersecurityframeworksfortheOTenvironment?
OrganizationsarenotstartingfromscratchwhenitcomestoOTcybersecurity.Infact,anumberofcybersecurityframeworkshavealreadybeendevelopedfortheOTenvironment.
TheInternationalElectrotechnicalCommission(IEC)6244315isaninternationalseriesofstandardsthattacklecybersecurityforindustrialautomationand
controlsystems.TheNationalInstituteofStandards
Whatarethesourcesofrisks?
CybersecurityrisksintheOTenvironmentare
amplifiedbyseveraloverarchingissuesthatarenot
alwaystechnicalinnaturebutdependonfactors
suchascorporatecultureandgovernance.These
include:
Lackofemphasisoncyberissuesinoperations
andshortageofpersonnelforOTcybersecurity.
Humanerror–researchshowsthat79%ofOT
expertsconsiderhumanerrortobethegreatestrisk
forOTsystems.12Moreover,thecurrentonboarding
andtrainingofOTpersonneldonotsufficiently
ensurethattheyadoptappropriatepoliciesand
measuresforOTcybersecurity.
Uncleardelineationofprocessownershipand
prioritizationofrisks.
TheIT/OTconvergencehasblurredprocess
ownership,allowingfornocleardelineationof
responsibilitiesandobligationsbetweentheITand
OTteams.Inaddition,thetwoviewtheirpriorities
differently.FromtheITperspective,procedures
fordatasecurityandprivacyarecrucial,whereas
theOTteamplacesprimaryfocusonphysical
performanceandsafetyoffacilitiesandequipment.
Poordevice/assetvisibilityandrapid
introductionofnewassets.
Whilethecreationandmaintenanceofanasset
inventoryintheOTenvironmentisregardedasone
ofthetopsecuritycontrols,accordingtoDragos,13
asmanyas80%oforganizationslackedvisibilityof
theOTenvironmentin2022.Organizationsneedto
haveanoverviewofthedevicesintheirnetworks
UnlockingCyberResilienceinIndustrialEnvironments:FivePrinciples5
andTechnology(NIST)hasreleasedSP800-8216
–aguideonhowtoimprovethesecurityofOT
systems;whiletheEuropeanJointResearchCentrehasproposedaframeworkonIndustrialAutomationandControlsSystems(IACS)tosharepracticesonIACSproducts’cybersecuritycertifications.17
Otherexamplesofcybersecurityframeworks
applicabletotheOTenvironmentandbeyond
includetheNISTCybersecurityFramework18
aswellastheCybersecurityCapabilityMaturity
Model(C2M2).19Effortshavealsobeenmade
atthelocalleveltoenhanceOTcybersecurity.
Forinstance,SaudiArabiahasdevelopedthe
OperationalTechnologyCybersecurityControls.
Similarly,oilandgascompaniesontheNorwegiancontinentalshelffollowguidelinessuchasNOG
104,NOG110andNOG123,whileintheUS,theNorthAmericanElectricReliabilityCorporation’s
CriticalInfrastructureProtection(NERCCIP)andtheAmericanPetroleumIndustryPipelineSecuritystandardsareofrelevance.
WhilenumerousOTcybersecurityframeworks
areavailable,manyofthosereferencedhereare
extremelycomplicatedandrequirealotofeffort
toensureeffectiveimplementation,particularlyfor
third-partysuppliersandvendorsthatmaystruggletocomplyduetoresourcelimitations–humanor
financial.Thisobligatesindustrialorganizationsto
ensurethatthirdpartiesarecapableofapplyingandadheringtotheseframeworksandstandards.
NosilverbulletexistsforsuccessfulimplementationofOTcybersecurityframeworksandstandards.
Mostofthetime,industryplayersmustapplya
widerangeofframeworksandstandardstocoverdistinctpartsoftheirinfrastructure,suchaswaterpumpsandutilities.
Alotoftheabove-mentionedframeworksareveryfocusedontechnicalcontrols.Yet,OTgovernance,i.e.whoisresponsibleforcybersecurityinOTandhowitinterlockswithIT,remainsachallengefor
manyorganizations.
UnlockingCyberResilienceinIndustrialEnvironments:FivePrinciples6
1
GuidingprinciplesforcyberresilientOTenvironments
Theactiongroup“SecuringtheOTenvironment”conveningcyberleadersfromtheelectricity,
manufacturingandoilandgasindustriesaroundthetopicofOTcybersecurity,hasdeveloped
asetoffiveguidingprinciplestohelpindustrialorganizationsaddresscyberrisksandbuild
resilienceastheIT/OTconvergencecontinues.
Principle1
Principle2
Principle3
Principle4
Principle5
Perform
EnsureOTengineers
Alignwithtop
Makecybersecurity
Runjointtabletop
comprehensiverisk
andoperatorsof
organizational
standardsand
exercisestoensure
managementofthe
installationshave
leadership,strategic
bestpractices
preparednessincase
OTenvironment
responsibilityforOTcybersecurity
planningteamsand
thirdpartiestomake
security-by-designa
reality
contractually
enforceableon
partnersandvendors
tobuildacybersecure
OTenvironment
ofanactualincident
UnlockingCyberResilienceinIndustrialEnvironments:FivePrinciples7
2
Principle1
Principle2
ActionableapproachestoimplementingOT
cybersecurityprinciples
ToensurethesuccessfulimplementationoftheidentifiedOTcybersecurityprinciples,organizationsmustundertakeanumberofactionstotranslatetheoryintotangibleinstitutionalpractice.
PerformcomprehensiveriskmanagementoftheOTenvironment
Toincreaseoverallcybersecuritypreparednessandreducethepotentialandimpactofcyberattacks,
industrialorganizationsmusttakeacomprehensiveapproachtoriskmanagement.Thiscomprisesriskassessment–identificationofvulnerabilitiesand
gapsthatexposeanorganizationtoanattack,andofrisksthatcouldimpederecoveryandresilience–aswellasmitigationandmonitoringstrategies.Forriskmanagementtoberobustandcomplete,itisimportantthatorganizations:
–Identifyandclassifyassetsonthebasisontheircriticality,valueandsensitivitytotheorganization’soperations.
–Createaninventoryofthe“crownjewels”–thehighest-valueassetsintheirOTenvironment
which,ifcompromised,couldhaveamajor
impact.Oncethe“crownjewels”havebeen
identified,organizationsshouldidentifyhowtheyconnecttothenetwork,dataflows,etc.
–DetectsecurityvulnerabilitiesandthreatsacrossthemappedassetsandOTenvironment;
identifytheconsequencesthatcouldresultifthevulnerabilitiesareexploited(e.g.incaseofunauthorizedaccess,datatheft,equipment
damage,injuryandlossoflife,harmto
nationalsecurity,etc.);andprioritizemitigationaccordingly.
–Identifypotentialthreats(includingthreatevents,threatactors,etc.)thatcouldtargettheirOT
environment.
–EstablishanOTcybersecuritystrategyalignedwiththeoverallcybersecuritystrategy,outliningtheprevention,detectionandresponse
capabilities.Itshouldbereviewed,evaluated
andupdatedregularly.Organizationsshould
alsoconsiderdevelopingguidelinestoensure
effectiveadoptionandimplementationoftheOTcybersecuritystrategy.
EnsureOTengineersandinstallationoperatorshaveresponsibilityforOTcybersecurity
Researchshowsthat95%oforganizations20will
placetheresponsibilityforOTcybersecurityundertheChiefInformationSecurityOfficer(CISO)in
thenext12months.However,consideringthat
cybersecurityisasharedresponsibility,theITteamalonecannothavefullcontrolofOTcybersecurity;allstakeholders,atalllevelsoforganizational
management,needtodotheirpart.
Thismakesitimperativethatrolesand
responsibilitiesbeclearlydefinedandproperly
communicatedwithIT/OTpersonnel.Thatsaid,OTteamsdonotnecessarilyhavetheawareness
orknowhowtoproperlyinspectandsecureOTnetworks.InordertoshareresponsibilityforOTcybersecurity,OTpersonnelacrossindustrialorganizationsneedtounderstand:
–When,howandwhyasecuritybreachmightoccurintheOTenvironment.CommunicationsonsecurityawarenessshouldbecarriedoutcontinuouslyforallOTpersonnel.
–Whotocontactincaseofasecuritybreachorsuspiciousactivity,thatis,whotogethelpfromandwhotocollaboratewithforsupport.
UnlockingCyberResilienceinIndustrialEnvironments:FivePrinciples8
Principle3
DifferentthreatdetectiontechnologiesusedbyITandOTcoulddetectthreatsinthe
OTenvironment.Therefore,cooperation
andcommunicationbetweentheITandOT
departmentsisessentialtoensurethatallstaffhaveclearlyandpreciselydefinedrolesand
responsibilitiesforworkingtogetheronincidentresponseinOT.
–Thevulnerabilitiesandrisks(includinginheritedrisks)thateachconnecteddeviceintheOT
environmentbrings.
–TheroleoftheSecurityOperationsCentre
(SOC),CISOteam,etc.OTpersonnelshouldalsobuildarelationshipwiththeSOCand
CISOteamstoensuretransferofknowledgeonsecurityarchitectureandpolicies,includingontheprevention,detection,analysisand
responsetocybersecurityincidents.Among
theOTpersonnel,a“CyberChampion”shouldbeappointedineachfacilitywhocanhelpwithcyberissuesduringcrises.
Alignwithtoporganizationalleadership,strategicplanningteamsandthirdpartiestomakesecurity-by-designareality
MostoftheexistingOTwasnotdesignedwith
cybersecurityinmind.Security-by-designisa
processratherthanaone-time“bolt-on”effortandassuchshouldgobeyondintegrationofsecurityduringthedesignanddevelopmentphaseofaproduct/
service.Toenforceasecurity-by-designapproachintheOTenvironment,organizationsshould:
–Raisecybersecurityissuesandrisksto
corporatemanagementtoensurethatcritical
OTsystemsaresafeguardedfrompotentialrisksandvulnerabilitiesfromtheoutsetby:
–OrganizingexecutivebriefingstohighlighttheimpactofOTcyberrisksonbusinessoperations,financesandreputation.
–Developingandpresentingriskassessmentstocommunicatetheinterplaybetween
OTcybersecuritybreaches,operationaldowntimeandcompliancepenalties.
–Sharingcasestudiesillustratingreal-worldexamplesofcybersecurityincidentsintheOTenvironmentandtheconsequences
experiencedbyorganizationsthatwerecaughtoff-guard.
–EncouragingtheintegrationofOT
cybersecurityintotheoverallbusiness
strategytoensurecompetitiveadvantage
bydemonstratingcommitmenttoprotectingcriticalOTinfrastructure.Itcanultimately
helpfosteroverallresilienceacrossindustryecosystems.
UnlockingCyberResilienceinIndustrialEnvironments:FivePrinciples9
Principle4
Principle5
Contractuallybindandenforcesecurity
standardsonpartnersandvendorstobuildasecureOTenvironment
Third-partysuppliersandvendorsdifferinthewaytheyapproachcybersecurity.Nevertheless,they
havetoguaranteethesecurityoftheirproductorserviceandtakeresponsibilityforwhatisdelivered.TobuildasecureOTenvironmentandensure
successfulcollaborationwithandenforcementofsecuritystandardsbypartnersandvendors,industrialorganizationsshould:
–ConductthoroughduediligenceofbothITandOTcybersecurityposturebeforecollaboratingwithanythird-partyvendorsandsuppliers.Theassessmentshouldcoverhowacyberattackagainstathird-partyvendororsuppliercouldimpactoperations.
–Classifyandcategorizethirdpartiesaccordingtotheirlevelandtypeofrisk(compliance,
financial,reputation,etc.)beforetheycanaccessfacilities,networkandconfidentialinformation.
–Incorporatealistofbaselinesecurity
requirementsforthird-partyvendorsand
supplierswithaccesstofacilities,network
andconfidentialinformationwithinthesecurityframeworkmentionedinprinciple1.These
securityrequirementsshouldbemetbeforeformalizationofcollaboration.Examplesofsecurityrequirementsinclude:
–Implementationofsecuritylevels(SL)3and4ofIEC62443.
–ApplicationofadvancedcybersecuritystandardsforOTsoftwaredevelopment.
–Demonstrationofprovenhands-onexpertiseinhandlingcybersecurityevents.
–IncludeOTcybersecurityrequirementsin
contracts.OTcybersecurityrequirements
shouldcoverareassuchassecureremoteaccess,useofremovablemediadevices
totransferfiles,termsandconditionsfor
dataprotectionandprocessingofsensitiveinformationsharedbetweentheorganization
andthethirdparty,accident/incidentnotificationandreporting,etc.
–Continuouslyauditvendorandsuppliersecurityperformancetoensuretheyareadheringto
previouslyagreedsecuritycontrols.
–Incasethesecuritycontrolsarenotobserved,organizationsshoulddevelopanexitstrategythatincludesproperoversightoverthe
terminationofcollaborationwiththevendor,returnofassets,etc.
Runjointtabletopexercisestoensure
preparednessincaseofanactualincident
Atabletopexercisecannotalwaysperfectly
replicateeveryaspectofareal-lifescenarioor
incidentresponsesituation.Toensuremaximumpreparednessandamplifyitsbenefits,thetabletopexerciseshouldincludekeypersonnelandshouldhaveclearlydefinedandachievableobjectives.
Organizationsshouldtherefore:
–Usesecurityscenariosbasedonrealevents,andleverageandadaptexistingcrisis
managementprocedurestothecybercontext.
–EngagethecorrectstakeholdersthatgobeyondITandOTpersonnel.Exercisesshouldincludetheemergencypreparednessgroup,executiveleadershipandmanagement,technical
staff,thirdparties,legalcounselaswellas
psychologistswhocanevaluatetheresponsesandactionstakenbythesecurityincident
responseteam(SIRT).
–ClarifytherepresentationofOTcyber
competenceinincidentresponsetoensure
preparednesswhenathreateventoccursandexplorewhetheroperationscanberunintheOTenvironmentwithouttheIT.
–IncludeOTsitesacrossmultiplegeographiesandconsiderthelegalaspectsthatmayarise.
–Identifyweaknesses/gapsintheincident
responseandincludelessonslearnedinthepost-drillanalysisreports.
–Produceandcontinuouslyupdatethe
executives’playbookwithlessonslearnedfromsuchexercises.
UnlockingCyberResilienceinIndustrialEnvironments:FivePrinciples10
3
Monitoringthe
implementationof
OTcybersecurity
principles
ImplementationofOTcybersecurityprinciples
aloneisnotenough.Trackingtheirprogressandcontinuousassessmentofimpactiskeyinordertoensureeffectivenessoftheprinciplesandthatorganizationsareadaptingtothenewprocesses.TosuccessfullymonitortheimplementationofOTcybersecurityprinciples,organizationsshould:
–PerformregularauditstomonitorcompliancewiththeOTcybersecurityprinciples,includingassessmentsofcriticalthirdpartieswithaccesstotheOTenvironment.
–Conductreal-timemonitoringtodiscover,
identifyandassessdevicesandvulnerabilitieswithintheOTenvironment.The“now,nextandnever”approachcanhelporganizationsassessvulnerabilities.Gatheredinformationshouldbekeptinaregisterandreviewedperiodically.
–Developastrategicroadmapandprocessfor
reportingtothecorporateboardaboutprogressonOTcybersecurity.
–Senddata(e.g.IDSdata)regularlytothe
secur
温馨提示
- 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
- 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
- 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
- 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
- 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
- 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
- 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。
最新文档
- 胆总管成形术后护理查房
- 物流行业绿色环保包装使用制度
- 医疗服务质量监管与评估制度
- 制造业安全生产操作规范制度
- 课件-新会计准则与企业所得税差异解析
- 全国职业院校教师教学能力提升工程实施策略考试及答案试题
- 护理技能提升宝典
- 鼻咽癌课后习题及答案解析(护理培训专用)
- 护理部培训工作总结
- 过敏性紫癜护理专项试题
- 2026年网格员招聘考试公共基础知识试题及答案
- 2026年高考语文终极冲刺复习:专题01 信息类文本阅读(抢分专练)(全国适用)(解析版)
- 2026学习教育查摆问题清单合集多篇(四大方面存在问题、具体表现、整改措施)
- 2025年福建省世界少年奥林匹克思维能力测评五年级数学试卷(A卷)(含解析)
- 海南省2025届中考物理试题(附答案)
- 5年(2021-2025)上海中考物理真题分类汇编专题14 电学压轴实验题(原卷版)
- T-SETA 0005--2023 电梯按需维护保养导则
- 艾滋病患者心理调适与社会支持策略
- 钢结构防腐油漆涂装方法施工方案
- 人教版小升初考试数学试卷(含解析)西藏自治区2025年
- 我国县域经济高质量发展的指标体系构建
评论
0/150
提交评论