Page 45 - Cyber Defense eMagazine September 2022

•  How are you protecting home field advantage? – You must have a defensible architecture specific to your OT/ICS environment. Many attacks on OT start in the IT environment and then move laterally into OT. Implement a modern cybersecurity architecture that incorporates leading practices such as:

    o  Industrial Demilitarized Zone (iDMZ) firewalling, IT/OT network segregation and micro-segmentation to safeguard the OT perimeter and the high-value, vulnerable assets within OT – see this CISA example.
    o  Identity and Access Management to enforce access and password policies
    o  Multi-factor authentication to strengthen the security of remote access connections
    o  Endpoint device protection to protect data integrity and security
    o  USB security controls to enforce removable media policies

  Together these give you a layered defense strategy that helps keep unauthorized users out.

•  How are you maintaining situational awareness? – You can’t effectively respond to threats if you don’t know the status of your OT/ICS environment. Be sure to deploy continuous threat monitoring controls to detect anomalous or suspicious activity in your OT network. Keep the asset inventory updated and establish a baseline that alerts the security team when unauthorized devices or users come onto the network.
•  How are you preparing for the handling of incident responses? – Your ability to respond decisively to security incidents is determined by your organization’s readiness. Establish a business continuity plan that focuses on operational resiliency and perform tabletop exercises to pressure-test those incident response playbooks ahead of “game day.” Role-play through situational questions such as:
    o  Can the plant be isolated and run in a state of autonomy? If so, for how long?
    o  Do plant personnel know which production lines to run or focus on during a state of isolation?
    o  Which key stakeholders are required and authorized to make critical and timely decisions during a security breach or incident?
    o  What specialized OT/ICS resources are on retainer for incident response investigations and remediation activities?
    o  If wiped out, how long does it take to recover or rebuild from an attack versus paying a potential ransomware fee?

            You play how you practice, so be prepared.
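The two controls above that a monitoring team can actually automate are the asset-inventory baseline (alert when a device the inventory does not know, or a known device at the wrong address, shows up in the OT network) and the iDMZ segmentation policy (IT and the OT control zone only talk via the industrial DMZ). The script below is an added example, not code from the article or from CISA; every MAC address, IP range, zone name and flow record in it is constructed for illustration, and the flow-record format it parses is a hypothetical sensor export.

```python
"""Baseline-driven monitoring for an OT network.

Added example, not code from the magazine article. Every MAC address, IP range,
zone name and log line below is constructed for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass

# Approved asset baseline (constructed): MAC -> expected IP, role and zone.
ASSET_INVENTORY = {
    "00:1a:2b:3c:4d:01": {"ip": "10.10.1.10", "role": "PLC line 1", "zone": "ot_control"},
    "00:1a:2b:3c:4d:02": {"ip": "10.10.1.11", "role": "HMI line 1", "zone": "ot_control"},
    "00:1a:2b:3c:4d:03": {"ip": "10.10.2.20", "role": "historian", "zone": "idmz"},
}

# Network zones (constructed ranges). Traffic between IT and the OT control zone
# must pass through the industrial DMZ (iDMZ); there is no direct IT<->OT path.
ZONES = {
    "it_enterprise": ipaddress.ip_network("10.20.0.0/16"),
    "idmz": ipaddress.ip_network("10.10.2.0/24"),
    "ot_control": ipaddress.ip_network("10.10.1.0/24"),
}
OT_ZONES = {"idmz", "ot_control"}  # zones whose devices must be in the baseline
ALLOWED_CROSS_ZONE = {
    ("it_enterprise", "idmz"),
    ("idmz", "it_enterprise"),
    ("idmz", "ot_control"),
    ("ot_control", "idmz"),
}

# Constructed flow records in a hypothetical '<mac> <src> -> <dst>:<port>' format,
# as a sensor at the OT perimeter might export them.
SAMPLE_FLOWS = [
    "00:1a:2b:3c:4d:02 10.10.1.11 -> 10.10.1.10:502",   # HMI polling PLC: expected
    "00:1a:2b:3c:4d:03 10.10.2.20 -> 10.10.1.10:502",   # historian reading PLC: allowed
    "00:1a:2b:3c:4d:99 10.10.1.50 -> 10.10.1.10:502",   # device not in the baseline
    "00:1a:2b:3c:4d:10 10.20.5.7 -> 10.10.1.10:502",    # IT host talking straight to PLC
    "00:1a:2b:3c:4d:01 10.10.1.99 -> 10.10.2.20:1433",  # known MAC, unexpected address
]

FLOW_RE = re.compile(
    r"^(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+)$"
)


@dataclass(frozen=True)
class Flow:
    src_mac: str
    src_ip: str
    dst_ip: str
    dst_port: int


def parse_flow(line: str) -> Flow:
    """Parse one flow record; raise on malformed input rather than silently skipping it."""
    m = FLOW_RE.match(line.strip().lower())
    if not m:
        raise ValueError(f"unrecognised flow record: {line!r}")
    return Flow(m["mac"], m["src"], m["dst"], int(m["port"]))


def zone_of(ip: str) -> str:
    """Map an address to its zone; anything outside the known ranges is 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def detect(lines) -> list[tuple[str, str]]:
    """Return (alert_type, detail) pairs for flows that deviate from the baseline."""
    alerts = []
    for line in lines:
        flow = parse_flow(line)
        src_zone, dst_zone = zone_of(flow.src_ip), zone_of(flow.dst_ip)

        # 1. Asset baseline: every talker inside the OT zones must be inventoried,
        #    and must be using the address recorded for it.
        if src_zone in OT_ZONES:
            known = ASSET_INVENTORY.get(flow.src_mac)
            if known is None:
                alerts.append(("UNKNOWN_DEVICE", f"{flow.src_mac} seen at {flow.src_ip} in {src_zone}"))
            elif known["ip"] != flow.src_ip:
                alerts.append(("ADDRESS_MISMATCH", f"{known['role']} expected {known['ip']}, seen {flow.src_ip}"))

        # 2. Segmentation policy: cross-zone traffic only along the permitted iDMZ paths.
        if src_zone != dst_zone and (src_zone, dst_zone) not in ALLOWED_CROSS_ZONE:
            alerts.append(("SEGMENTATION_VIOLATION",
                           f"{src_zone} -> {dst_zone} ({flow.src_ip} -> {flow.dst_ip}:{flow.dst_port})"))
    return alerts


if __name__ == "__main__":
    for kind, detail in detect(SAMPLE_FLOWS):
        print(f"{kind}: {detail}")
```

Run against the constructed records, the first two flows are silent (an inventoried HMI and an inventoried historian on permitted paths) and the remaining three each raise one alert: an uninventoried device in the control zone, an IT host reaching a PLC without going through the iDMZ, and a known PLC MAC appearing at an address the inventory does not record for it. The inventory check is deliberately scoped to sources inside the OT zones, since IT hosts are not expected to appear in the OT asset list; the segmentation check applies to every flow.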

•  How are you driving cultural awareness? – Your biggest threat, unintentionally in many cases, comes from within the organization. Hold regular cyber awareness training for personnel, including activities such as password hygiene and phishing email exercises.
            Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.