Building a Resilient World:

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

All Posts

Best Practices in Multi-factor Authentication and Allowlisting in OT Environments

LOGIIC - Linking the Oil and Gas Industry to Improve Cybersecurity - has published the results of its most recent study on how asset owners and vendors approach multi-factor authentication (MFA) and allowlisting in their operational technology (OT) environments. 

Multi-factor Authentication (MFA)

LOGIIC members assert the best practice access approach is to implement MFA at logical boundaries and provide physical badge access to the control rooms. This ensures that all ingress points, logical and physical, are protected. Anything beyond this would be additional layers of security and would be aspirational.


Allowlisting, also called application control, helps to mitigate security attacks by permitting only those files, applications, and processes that are trusted, or "allowed," to be run.

LOGIIC members assert the best practice recommendation is to block unauthorized applications, services, and code in the OT environment. Allowlisting will not be implemented in the information technology (IT) environments that are not directly connected to the OT environment and not required for OT operations because there is sufficient risk mitigation at the OT/IT boundary with protections such as firewalls.

Read the Study

The complete study, including key findings from the survey, is available on the LOGIIC website

More about LOGIIC

LOGIIC is a consortium hosted by the International Society of Automation (ISA), the publisher of the world's most complete industrial cybersecurity standards (ISA/IEC 62443). For 17 years, LOGIIC has funded research on cybersecurity vulnerabilities in oil and gas (O&G) automation systems. logiic-logo_full-color

For the past several years, LOGIIC has conducted small studies on securing oil and gas sector operations from cyber threats. Member companies select projects based on common interests and benefits to the group, with the end result of study reports that provide benefits and insights to the broader oil and gas community. 



Liz Neiman
Liz Neiman
Liz Neiman is the managing director of strategic engagement for the International Society of Automation (ISA), with oversight of marketing, communications, PR, events, and outreach activities. Prior to joining ISA, Liz led marketing, communications, and events activities for the American National Standards Institute (ANSI), as well as for edtech nonprofit MIND Research Institute. She is a graduate of Johns Hopkins University.

Related Posts

Presenting IT and OT Cybersecurity Strategy to Executives/Board of Directors

This blog post will be in continuation to the ninth edition of the Securing Things newsletter - Digital T...
Muhammad Yousuf Faisal Dec 6, 2023 2:54:28 PM

Role of Data Diodes in the Evolving Landscape of OT Cybersecurity

Technology is evolving at such an enormous pace in this era that it often becomes challenging to balance ...
Muhammad Ahmed Nov 28, 2023 8:00:00 AM

How to Manage Cybersecurity Automation Challenges

Cybersecurity automation stands at the forefront of technological advancement, equipping businesses with ...
Zac Amos Nov 16, 2023 2:33:17 PM