Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

All Posts

Best Practices in Multi-factor Authentication and Allowlisting in OT Environments

LOGIIC - Linking the Oil and Gas Industry to Improve Cybersecurity - has published the results of its most recent study on how asset owners and vendors approach multi-factor authentication (MFA) and allowlisting in their operational technology (OT) environments. 

Multi-factor Authentication (MFA)

LOGIIC members assert the best practice access approach is to implement MFA at logical boundaries and provide physical badge access to the control rooms. This ensures that all ingress points, logical and physical, are protected. Anything beyond this would be additional layers of security and would be aspirational.

Allowlisting

Allowlisting, also called application control, helps to mitigate security attacks by permitting only those files, applications, and processes that are trusted, or "allowed," to be run.

LOGIIC members assert the best practice recommendation is to block unauthorized applications, services, and code in the OT environment. Allowlisting will not be implemented in the information technology (IT) environments that are not directly connected to the OT environment and not required for OT operations because there is sufficient risk mitigation at the OT/IT boundary with protections such as firewalls.

Read the Study

The complete study, including key findings from the survey, is available on the LOGIIC website

More about LOGIIC

LOGIIC is a consortium hosted by the International Society of Automation (ISA), the publisher of the world's most complete industrial cybersecurity standards (ISA/IEC 62443). For 17 years, LOGIIC has funded research on cybersecurity vulnerabilities in oil and gas (O&G) automation systems. logiic-logo_full-color

For the past several years, LOGIIC has conducted small studies on securing oil and gas sector operations from cyber threats. Member companies select projects based on common interests and benefits to the group, with the end result of study reports that provide benefits and insights to the broader oil and gas community. 

 

 

Liz Neiman
Liz Neiman
Liz Neiman is the managing director of strategic engagement for the International Society of Automation (ISA), with oversight of marketing, communications, PR, events, and outreach activities. Prior to joining ISA, Liz led marketing, communications, and events activities for the American National Standards Institute (ANSI), as well as for edtech nonprofit MIND Research Institute. She is a graduate of Johns Hopkins University.

Related Posts

How to Protect Sensitive Health-Related Information Against Cyberattacks

Digital transformation has disrupted the healthcare industry, as new online platforms and applications ar...
Jonas Iggbom Jun 2, 2023 8:00:00 AM

Metal Fabricators Must Protect Themselves from Cyberattacks

Every industry is vulnerable to cybersecurity threats, including metal fabrication. Protecting this secto...
Emily Newton May 23, 2023 8:00:00 AM

Recent Outlook of Cybersecurity Threats in the Construction Sector

Since the global coronavirus pandemic began in 2020, there has been a huge shift toward increased relianc...
Nahla Davies May 16, 2023 7:00:00 AM