Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

All Posts

OT Security Dozen: Series on Building an OT/ICS Cybersecurity Program

Over next couple of weeks and months in 2022, I am excited to be sharing some experience and insights on the 12 foundational steps for an “Operational Technology (OT)/Industrial Control System (ICS) Cybersecurity Program” – calling it “The OT Security Dozen.

This will hopefully serve as guidance or building blocks to improve and operationalize cybersecurity practices for OT/ICS operations, especially for those industrial organizations worldwide (APAC manufacturing sector in particular) that are exploring ways to either start their journey and are not sure where to begin and/or in some cases trying to improve or mature their current initiatives. 

Phase 1 - Evaluate | Assess | Discover | Define

1.      OT/ICS Cybersecurity Assessments/Reviews   

2.      OT/ICS Cybersecurity Policy & Governance  

Phase 2 - Implement | Deploy (Protect & Detect)

3.      OT/ICS Cybersecurity Architecture & Segmentation (between IT & OT networks)

4.      OT/ICS Asset Discovery & Threat Detection (OT IDS) Tools Selection & Implementation

5.      OT/ICS Configuration Hygiene

6.      OT/ICS Secure Remote Access

7.      OT/ICS Access Control

8.      OT/ICS Endpoint Protections (AV, Host IDS/EDR, USB controls)

9.      OT/ICS Supply Chain Security (risks related to SBOM, OEMs, third-party service providers)

Phase 3 - Monitor | Respond & Measure

1.      OT/ICS Cybersecurity Monitoring (via an Integrated SOC/MSS Operations)

2.      OT/ICS Incident Response Plan

3.      OT/ICS Audit & Security Testing – Continuous Measurement

Obviously, this is not an exhaustive list of initiatives for controls around people, processes, and technology for the world of OT/ICS. However, “The OT Security Dozen” will provide you that very strong and solid foundation required for establishing and running a successful OT/ICS cybersecurity program.

Some of these 12 initiatives can be run in parallel, and some may perhaps be better run sequentially. Prioritization of these initiatives may differ from one organization to another, based on several factors and the uniqueness of an organization's environment (e.g. network architecture, culture, people, processes, budget, skillsets, etc.). Regardless of the prioritization sequence, successful execution of these initiatives will raise your maturity level against any given industry standards that’s preferred by the organization and/or compliance against any applicable standards/regulations.

In the twelve part series – the OT Dozen, I’ll deep dive into each of these initiatives along with potential mappings to ISA/IEC 62443 standards requirements, NIST-CSF domains, and CSC Top 20.

If we were to choose anything else as the 13th initiative, it would likely be "IT & OT Ransomware Protection Program (RPP)." This would be your 13th warrior against the widespread threat landscape and while such a program would need to include most of the preparation elements above, it does need more to look into (e.g., the importance of backups and recovery) which will not be covered in this series and warrants its own post altogether.


A version of this article originally appeared on LinkedIn. The author will be first featuring the series on this platform and encourages everyone to follow along in the SecuringThings newsletter.

See Part 1 here. See Part 2 here. See Part 3 here.

Muhammad Yousuf Faisal
Muhammad Yousuf Faisal
M. Yousuf Faisal (EMBA, GICSP, ISO 27001 LA, CISSP, CISM, CISA) has two decades of technology & IT/OT cybersecurity-related industry experience, helping organizations worldwide (specially across APAC) securing their digital transformation journey with secure-by-design principles. He has served both as an end user and mostly as an independent consultant/advisor across multiple industrial sectors and enterprise organizations. Currently, he is doing business development, presales/solution and consulting delivery for emerging technologies in IT & OT, GRC/PCI, and other cybersecurity services across APAC region. He holds a B.E. Electrical and an Executive MBA degree.

Related Posts

Securing Industrial Networks Can–And Should–Be Simple

A version of this blog originally appeared on Cisco
Andrew McPhee Jan 24, 2023 5:30:00 AM

Double Extortion Ransomware: What It Is and How to Respond

New attack methods in the cybersecurity landscape continue to emerge in the digitally driven world. One t...
Zac Amos Jan 17, 2023 5:30:00 AM

Defending Remote-Friendly Environments from Cyberattacks

This blog has been repurposed from the December 2022 issue of InTech
Damon Purvis Jan 10, 2023 5:30:00 AM