Building a Resilient World:
The ISAGCA Blog

Welcome to the official blog of the ISA Global Cybersecurity Alliance (ISAGCA).

This blog covers topics on automation cybersecurity such as risk assessment, compliance, educational resources, and how to leverage the ISA/IEC 62443 series of standards.

The material and information contained on this website is for general information purposes only. ISAGCA blog posts may be authored by ISA staff and guest authors from the cybersecurity community. Views and opinions expressed by a guest author are solely their own, and do not necessarily represent those of ISA. Posts made by guest authors have been subject to peer review.

All Posts

OT Security Dozen: Series on Building an OT/ICS Cybersecurity Program

Over next couple of weeks and months in 2022, I am excited to be sharing some experience and insights on the 12 foundational steps for an “Operational Technology (OT)/Industrial Control System (ICS) Cybersecurity Program” – calling it “The OT Security Dozen.

This will hopefully serve as guidance or building blocks to improve and operationalize cybersecurity practices for OT/ICS operations, especially for those industrial organizations worldwide (APAC manufacturing sector in particular) that are exploring ways to either start their journey and are not sure where to begin and/or in some cases trying to improve or mature their current initiatives. 

Phase 1 - Evaluate | Assess | Discover | Define

1.      OT/ICS Cybersecurity Assessments/Reviews   

2.      OT/ICS Cybersecurity Policy & Governance  

Phase 2 - Implement | Deploy (Protect & Detect)

3.      OT/ICS Cybersecurity Architecture & Segmentation (between IT & OT networks)

4.      OT/ICS Asset Discovery & Threat Detection (OT IDS) Tools Selection & Implementation

5.      OT/ICS Configuration Hygiene

6.      OT/ICS Secure Remote Access

7.      OT/ICS Access Control

8.      OT/ICS Endpoint Protections (AV, Host IDS/EDR, USB controls)

9.      OT/ICS Supply Chain Security (risks related to SBOM, OEMs, third-party service providers)

Phase 3 - Monitor | Respond & Measure

1.      OT/ICS Cybersecurity Monitoring (via an Integrated SOC/MSS Operations)

2.      OT/ICS Incident Response Plan

3.      OT/ICS Audit & Security Testing – Continuous Measurement

Obviously, this is not an exhaustive list of initiatives for controls around people, processes, and technology for the world of OT/ICS. However, “The OT Security Dozen” will provide you that very strong and solid foundation required for establishing and running a successful OT/ICS cybersecurity program.

Some of these 12 initiatives can be run in parallel, and some may perhaps be better run sequentially. Prioritization of these initiatives may differ from one organization to another, based on several factors and the uniqueness of an organization's environment (e.g. network architecture, culture, people, processes, budget, skillsets, etc.). Regardless of the prioritization sequence, successful execution of these initiatives will raise your maturity level against any given industry standards that’s preferred by the organization and/or compliance against any applicable standards/regulations.

In the twelve part series – the OT Dozen, I’ll deep dive into each of these initiatives along with potential mappings to ISA/IEC 62443 standards requirements, NIST-CSF domains, and CSC Top 20.

If we were to choose anything else as the 13th initiative, it would likely be "IT & OT Ransomware Protection Program (RPP)." This would be your 13th warrior against the widespread threat landscape and while such a program would need to include most of the preparation elements above, it does need more to look into (e.g., the importance of backups and recovery) which will not be covered in this series and warrants its own post altogether.


A version of this article originally appeared on LinkedIn. The author will be first featuring the series on this platform and encourages everyone to follow along in the SecuringThings newsletter.

See Part 1 here. See Part 2 here. See Part 3 here. See Part 4 here.

Muhammad Yousuf Faisal
Muhammad Yousuf Faisal
M. Yousuf Faisal (EMBA, GICSP, ISO 27001 LA, CISSP, CISM, CISA) has more than two decades of industry experience in technology and cybersecurity, helping organization across multiple industry sectors worldwide, secure their digital transformation journey. As founder of “Securing Things," currently offering Cybersecurity Advisory and Consulting services, training, and solutions, both IT & OT/ICS/IOT environments. He holds a B.E. Electrical and an Executive MBA degree.

Related Posts

Protecting Vital OT Infrastructure: Key Strategies for OT Penetration Testing

Operational technology (OT) cybersecurity faces significant challenges in maturing its operations and pro...
Mohannad AlRasan May 24, 2024 4:44:16 PM

How to Implement Cybersecurity Automation in Education

Every industry today needs to take cybersecurity seriously. That said, some sectors face more dangers tha...
Zac Amos May 17, 2024 4:04:28 PM

How Machine Learning Revolutionizes Automation Security with AI-Powered Defense

The terms “AI” and “machine learning” are often used interchangeably by professionals outside the technol...
John Funk May 10, 2024 3:16:51 PM