Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

All Posts

Best Practices in Multi-factor Authentication and Allowlisting in OT Environments

LOGIIC - Linking the Oil and Gas Industry to Improve Cybersecurity - has published the results of its most recent study on how asset owners and vendors approach multi-factor authentication (MFA) and allowlisting in their operational technology (OT) environments. 

Multi-factor Authentication (MFA)

LOGIIC members assert the best practice access approach is to implement MFA at logical boundaries and provide physical badge access to the control rooms. This ensures that all ingress points, logical and physical, are protected. Anything beyond this would be additional layers of security and would be aspirational.

Allowlisting

Allowlisting, also called application control, helps to mitigate security attacks by permitting only those files, applications, and processes that are trusted, or "allowed," to be run.

LOGIIC members assert the best practice recommendation is to block unauthorized applications, services, and code in the OT environment. Allowlisting will not be implemented in the information technology (IT) environments that are not directly connected to the OT environment and not required for OT operations because there is sufficient risk mitigation at the OT/IT boundary with protections such as firewalls.

Read the Study

The complete study, including key findings from the survey, is available on the LOGIIC website

More about LOGIIC

LOGIIC is a consortium hosted by the International Society of Automation (ISA), the publisher of the world's most complete industrial cybersecurity standards (ISA/IEC 62443). For 17 years, LOGIIC has funded research on cybersecurity vulnerabilities in oil and gas (O&G) automation systems. logiic-logo_full-color

For the past several years, LOGIIC has conducted small studies on securing oil and gas sector operations from cyber threats. Member companies select projects based on common interests and benefits to the group, with the end result of study reports that provide benefits and insights to the broader oil and gas community. 

 

 

Liz Neiman
Liz Neiman
Liz Neiman is the managing director of strategic engagement for the International Society of Automation (ISA), with oversight of marketing, communications, PR, events, and outreach activities. Prior to joining ISA, Liz led marketing, communications, and events activities for the American National Standards Institute (ANSI), as well as for edtech nonprofit MIND Research Institute. She is a graduate of Johns Hopkins University.

Related Posts

What Does the Future of Zero Trust in OT Look Like?

Zero trust principles have established themselves in the mindshare of cybersecurity practitioners worldwi...
Jacob Chapman Dec 20, 2024 7:00:00 AM

North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) and ISA/IEC 62443 Comparative Analysis

The Utilities Technology Council and Cumulys recently prepared a report in partnership with the ISA Globa...
Kara Phelps Dec 13, 2024 7:00:00 AM

Securing PLCs Through the Backplane: Balancing Performance and Simplicity

With the increasing convergence of operational technology (OT) and information technology (IT), the need ...
Ashraf Sainudeen Dec 6, 2024 7:00:00 AM