Establishing robust network segmentation only scratches the surface of safeguarding operational technology (OT) environments. Enhancing security and resilience further requires implementing focused strategies such as advanced monitoring, comprehensive documentation and OT-specific incident response plans.
As cybersecurity teams increasingly oversee OT and industrial control systems (ICS), aligning priorities and resources is critical. OT environments are diverse, spanning industries like manufacturing, healthcare and utilities. Whether it’s factory automation or building access control, safeguarding OT cyber-physical systems has become vital. According to KnowBe4, cyberattacks targeting critical OT environments are expected to increase by 30% annually, highlighting the urgency of prioritizing OT security.
Achieving true resilience demands more extensive efforts. Below are nine considerations for organizations beginning discussions around OT security and resilience. For best practices aimed at specific stakeholder groups (asset owners, system integrators and product suppliers), refer to the ISA/IEC 62443 series of standards for automation and control systems cybersecurity, which is organized along those roles.
1. Assemble a Cross-Functional Team
Combine the expertise of IT and OT professionals to bridge gaps in understanding and practice. OT environments often require unique solutions that diverge from conventional IT practices. A Cisco report in 2024 found that organizations with collaborative IT and OT teams reported 40% fewer security incidents in their OT environments. Fostering a peer relationship between IT architects and OT engineers is critical to co-developing strategies that address the complexities of OT systems.
2. Diagram and Document OT Systems
Mapping OT environments is an essential step toward visibility and preparedness. This involves detailing dependencies, data flows and integrated systems such as enterprise resource planning (ERP) or quality management software. To give the diagram a common vocabulary, consider frameworks like the Purdue Enterprise Reference Architecture, whose levels place each asset between the physical process and the enterprise network, or the ISA/IEC 62443 zone-and-conduit model. Specialized OT discovery or topology tools can help, since much of this information is otherwise gathered by hand from engineering drawings and field walkdowns.
3. Maintain Dynamic Asset Inventories
Maintaining a validated inventory of OT assets is critical to ensuring both security and operational continuity. Organizations should consider adopting systems capable of providing real-time updates on asset status and contextual information, such as maintenance schedules and vulnerabilities. According to Gartner, one major challenge for vulnerability management programs is having an incomplete or outdated configuration management database (CMDB), which significantly hampers visibility into the remediation process.
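The reconciliation that keeps an inventory "validated" can be automated. The following script is an added example, not code from the ISAGCA post: it compares a CMDB export against devices passively observed on the network and reports unknown devices, missing devices, attribute drift and records that have not been revalidated. All addresses, names, firmware versions and dates are constructed sample data.

```python
"""Reconcile an OT asset inventory (a CMDB export) against passively observed
devices.  Added example, not code from the ISAGCA post.  All records below are
constructed sample data; the addresses, names and dates are assumptions."""
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed CMDB export: what the organisation believes is on the network.
CMDB = [
    {"ip": "10.20.1.10", "name": "PLC-LINE1",  "firmware": "4.2", "last_validated": "2024-01-10"},
    {"ip": "10.20.1.11", "name": "HMI-LINE1",  "firmware": "7.0", "last_validated": "2024-05-02"},
    {"ip": "10.20.1.12", "name": "SCADA-SRV1", "firmware": "2.1", "last_validated": "2023-11-01"},
    {"ip": "10.20.1.20", "name": "PLC-LINE2",  "firmware": "4.2", "last_validated": "2023-03-15"},
]

# Constructed passive-discovery output (what a span-port sensor actually saw).
OBSERVED = [
    {"ip": "10.20.1.10", "vendor": "VendorA", "firmware": "4.3", "last_seen": "2024-06-01"},
    {"ip": "10.20.1.11", "vendor": "VendorB", "firmware": "7.0", "last_seen": "2024-06-01"},
    {"ip": "10.20.1.12", "vendor": "VendorB", "firmware": "2.1", "last_seen": "2024-06-01"},
    {"ip": "10.20.1.42", "vendor": "VendorC", "firmware": None,  "last_seen": "2024-05-30"},
]

REPORT_DATE = date(2024, 6, 2)   # assumed "today" so the example is deterministic


@dataclass(frozen=True)
class Finding:
    ip: str
    kind: str     # unknown_device | missing_device | drift | stale_record
    detail: str


def reconcile(cmdb, observed, today=REPORT_DATE, max_age_days=180):
    """Compare CMDB records with observed devices and return a list of findings."""
    cmdb_by_ip = {r["ip"]: r for r in cmdb}
    obs_by_ip = {r["ip"]: r for r in observed}
    findings = []
    # Devices on the wire that the CMDB does not know about come first: nobody is
    # patching, monitoring or backing up an asset that is not in the inventory.
    for ip, obs in obs_by_ip.items():
        if ip not in cmdb_by_ip:
            findings.append(Finding(ip, "unknown_device",
                                    f"vendor {obs['vendor']}, last seen {obs['last_seen']}"))
    for ip, rec in cmdb_by_ip.items():
        obs = obs_by_ip.get(ip)
        if obs is None:
            # Could be decommissioned, powered down, or on a segment the sensor cannot see.
            findings.append(Finding(ip, "missing_device", f"{rec['name']} not observed"))
            continue
        # Attribute drift: firmware changed but the record was never updated.
        if obs["firmware"] and obs["firmware"] != rec["firmware"]:
            findings.append(Finding(ip, "drift",
                                    f"firmware {rec['firmware']} in CMDB, {obs['firmware']} observed"))
        # Record not revalidated within the allowed window.
        age = today - date.fromisoformat(rec["last_validated"])
        if age > timedelta(days=max_age_days):
            findings.append(Finding(ip, "stale_record", f"last validated {age.days} days ago"))
    return findings


if __name__ == "__main__":
    for f in reconcile(CMDB, OBSERVED):
        print(f"{f.kind:15} {f.ip:12} {f.detail}")
```

The ordering is deliberate: an unknown device is the finding that most often hides an unmanaged or rogue asset, so it is reported before drift and staleness. A missing device is not automatically a problem (it may simply be on a segment the sensor cannot see), which is why the script reports it rather than deleting the record.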
4. Enhance Logging and Alerting
Customize logging for the OT environment to detect anomalies and reduce noise. High-fidelity alerts not only identify security threats but also help detect system faults early. Because agents usually cannot be installed on controllers, that visibility comes mostly from passive network monitoring (span ports or taps) that understands the industrial protocols in use, rather than from host logs. Dragos emphasizes that "you can’t protect what you can’t see," advocating for tools that provide OT visibility as essential components of a comprehensive security strategy.
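What "high-fidelity, low-noise" means in practice is shown by the following added example (not code from the post or from any vendor). It runs two rules over constructed Modbus/TCP event lines of the kind an OT sensor might emit: reads are ignored, writes are alerted only when they come from a host that is not an approved engineering workstation, and a burst of Modbus exception responses from one device is raised as a likely fault. Repeated hits are collapsed into one alert with a count. The log format, addresses and thresholds are assumptions.

```python
"""OT alerting over constructed Modbus/TCP event lines.  Added example, not code
from the ISAGCA post.  The log format, addresses and thresholds are assumptions."""
import re
from collections import Counter

# Assumed policy: only these hosts may write to controllers.
ENGINEERING_WORKSTATIONS = {"10.20.1.50"}
# Modbus function codes that change process state (write coil/register variants).
WRITE_FUNCTION_CODES = {5, 6, 15, 16, 22, 23}
# Exception responses from one device before we treat it as a fault.
EXCEPTION_THRESHOLD = 3

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>\S+) modbus "
    r"fc=(?P<fc>\d+) unit=(?P<unit>\d+) status=(?P<status>\w+)$"
)

# Constructed sample log: an HMI polling (reads), an approved write, three writes
# from an unexpected host, and a PLC answering every request with an exception.
SAMPLE_LOG = """\
2024-06-01T08:00:01 10.20.1.11 -> 10.20.1.10 modbus fc=3 unit=1 status=ok
2024-06-01T08:00:02 10.20.1.11 -> 10.20.1.10 modbus fc=3 unit=1 status=ok
2024-06-01T08:00:03 10.20.1.50 -> 10.20.1.10 modbus fc=16 unit=1 status=ok
2024-06-01T08:00:04 10.20.1.99 -> 10.20.1.10 modbus fc=6 unit=1 status=ok
2024-06-01T08:00:05 10.20.1.99 -> 10.20.1.10 modbus fc=6 unit=1 status=ok
2024-06-01T08:00:06 10.20.1.99 -> 10.20.1.10 modbus fc=16 unit=1 status=ok
2024-06-01T08:00:07 10.20.1.11 -> 10.20.1.20 modbus fc=3 unit=1 status=exception
2024-06-01T08:00:08 10.20.1.11 -> 10.20.1.20 modbus fc=3 unit=1 status=exception
2024-06-01T08:00:09 10.20.1.11 -> 10.20.1.20 modbus fc=3 unit=1 status=exception
"""


def parse(line):
    """Return a dict for a well-formed event line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["fc"] = int(ev["fc"])
    ev["unit"] = int(ev["unit"])
    return ev


def analyse(log_text):
    """Apply the two rules and return de-duplicated alerts with hit counts."""
    unauthorized_writes = Counter()   # (src, dst) -> number of writes
    exceptions = Counter()            # dst -> number of exception responses
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        # Rule 1: a write is normal from an engineering workstation and
        # suspicious from anything else.  Reads are never alerted (noise).
        if ev["fc"] in WRITE_FUNCTION_CODES and ev["src"] not in ENGINEERING_WORKSTATIONS:
            unauthorized_writes[(ev["src"], ev["dst"])] += 1
        # Rule 2: exception responses are a fault signal, not (by themselves) an attack.
        if ev["status"] == "exception":
            exceptions[ev["dst"]] += 1
    alerts = [{"rule": "unauthorized_modbus_write", "src": src, "dst": dst, "count": n}
              for (src, dst), n in unauthorized_writes.items()]
    alerts += [{"rule": "device_exception_burst", "dst": dst, "count": n}
               for dst, n in exceptions.items() if n >= EXCEPTION_THRESHOLD]
    return alerts


if __name__ == "__main__":
    for a in analyse(SAMPLE_LOG):
        print(a)
```

Nine events produce two alerts. The approved write still belongs in the audit trail, just not in the alert queue; a real deployment would add a time dimension (maintenance windows, sliding windows for the burst rule) and would take the allow-list from the asset inventory rather than a constant.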
5. Eliminate Shared IT/OT Accounts
Segmentation should extend to user accounts. Avoid shared identities or overlapping credentials between IT and OT systems, so that a credential phished or dumped from the IT estate cannot simply be replayed against the OT domain. For users who manage both environments, create distinct accounts for each. A 2024 report by ConductorOne revealed that 77% of organizations experienced cyberattacks or data breaches in the past 12 months due to improper access or overprivileged users.
6. Segment Within OT Networks
Beyond IT/OT separation, internal OT segmentation is essential to limit the spread of a compromise. ISA/IEC 62443 models this as zones and conduits: a zone is a grouping of assets that share security requirements, and a conduit is the controlled communication path between two zones, with only the protocols the process needs permitted. Use that model to isolate individual processes or cells so that a disruption in one area does not reach the others. Booz Allen Hamilton reported that creating digital "blast zones" through segmentation increased global OT/IT protections by 40%, with a 52.4% improvement by geography.
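A zone-and-conduit design can be written down as data and checked against observed flows. The following added example (not code from the post; the addressing, zone names and conduit list are assumptions for a small plant) classifies each flow by the zone of its source and destination and allows it only if a conduit permits that protocol and port in that direction. Flows within a zone are allowed; anything from an address that belongs to no zone is denied.

```python
"""Zone-and-conduit policy check over constructed flow records.  Added example,
not code from the ISAGCA post.  Addressing, zone names and conduits are assumed."""
import ipaddress

# Assumed zone model: each zone is a list of networks.
ZONES = {
    "enterprise": ["10.0.0.0/16"],
    "dmz":        ["10.10.0.0/24"],
    "scada":      ["10.20.0.0/24"],
    "cell-1":     ["10.20.1.0/24"],
    "cell-2":     ["10.20.2.0/24"],
}

# Assumed conduits: (initiating zone, destination zone) -> allowed (proto, port).
# Absence of a key means no conduit exists, so the flow is denied.  Direction is
# the direction of the connection initiator, which is how a firewall sees it.
CONDUITS = {
    ("enterprise", "dmz"):  {("tcp", 443)},   # users reach historian web front-end
    ("dmz", "scada"):       {("tcp", 1433)},  # assumed historian replication
    ("scada", "cell-1"):    {("tcp", 502)},   # SCADA polls/writes PLCs over Modbus/TCP
    ("scada", "cell-2"):    {("tcp", 502)},
}


def zone_of(ip):
    """Return the zone name containing ip, or None if it is unzoned."""
    addr = ipaddress.ip_address(ip)
    for zone, nets in ZONES.items():
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return zone
    return None


def evaluate(flow):
    """Return ("allow"|"deny", reason) for a single flow record."""
    src_zone, dst_zone = zone_of(flow["src"]), zone_of(flow["dst"])
    if src_zone is None or dst_zone is None:
        return "deny", "address outside every defined zone"
    if src_zone == dst_zone:
        return "allow", f"intra-zone traffic in {src_zone}"
    allowed = CONDUITS.get((src_zone, dst_zone), set())
    if (flow["proto"], flow["port"]) in allowed:
        return "allow", f"conduit {src_zone}->{dst_zone}"
    return "deny", f"no conduit {src_zone}->{dst_zone} for {flow['proto']}/{flow['port']}"


def audit(flows):
    """Verdict for each flow, in order."""
    return [evaluate(f)[0] for f in flows]


# Constructed flows exercising the common cases.
SAMPLE_FLOWS = [
    {"src": "10.0.5.7",    "dst": "10.10.0.5",  "proto": "tcp", "port": 443},  # user -> DMZ web
    {"src": "10.0.5.7",    "dst": "10.20.1.10", "proto": "tcp", "port": 502},  # laptop straight to PLC
    {"src": "10.20.0.5",   "dst": "10.20.1.10", "proto": "tcp", "port": 502},  # SCADA -> PLC
    {"src": "10.20.1.10",  "dst": "10.20.0.5",  "proto": "tcp", "port": 502},  # PLC initiating to SCADA
    {"src": "10.20.1.10",  "dst": "10.20.2.10", "proto": "tcp", "port": 502},  # cell-1 -> cell-2 lateral
    {"src": "10.20.1.10",  "dst": "10.20.1.11", "proto": "tcp", "port": 502},  # inside cell-1
    {"src": "10.20.0.5",   "dst": "10.20.1.10", "proto": "tcp", "port": 22},   # SSH over a Modbus-only conduit
    {"src": "192.168.9.9", "dst": "10.20.1.10", "proto": "tcp", "port": 502},  # unzoned source
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        verdict, reason = evaluate(flow)
        print(f"{verdict:5} {flow['src']:>12} -> {flow['dst']:<12} {flow['proto']}/{flow['port']}: {reason}")
```

Running the same check over a day of flow records from the OT sensor is a cheap way to find out whether the segmentation on paper matches the segmentation in the switches: every "deny" that appears in real traffic is either a policy gap or a path that should not exist.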
7. Adopt Risk-Based Vulnerability Management
Traditional patching isn’t always viable for OT systems: updates wait for a production outage and often for the vendor to validate them against the control application. Develop a tailored vulnerability management program that prioritizes risk mitigation rather than patch counts. Emphasize segmentation and resilience features, especially since patches are often unavailable for OT vulnerabilities. According to the Dragos ICS/OT Cybersecurity Year in Review report, 35% of analyzed OT vulnerabilities could lead to both loss of view and loss of control within operational technology systems, which are among the most severe operational scenarios. Yet nearly 90% of these vulnerabilities lacked available patches or alternative mitigations at the time of advisory issuance.
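Risk-based prioritization can be made concrete with a small scoring model. The example below is added here and is not from the post or from Dragos: it scores each finding by operational impact (loss of view, loss of control) times exposure (network-exploitable, and whether a conduit from a less-trusted zone reaches the asset's zone), then chooses an action that depends on whether a patch exists. The vulnerability labels, assets and attributes are constructed, and the weights are assumptions to be tuned per site.

```python
"""Risk-based prioritisation of OT vulnerabilities.  Added example, not code from
the ISAGCA post or from Dragos.  Labels, assets and weights are assumptions."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class OTVuln:
    label: str                 # constructed label, not a real advisory identifier
    asset: str
    loss_of_view: bool         # operators lose sight of the process
    loss_of_control: bool      # operators lose the ability to act on it
    network_exploitable: bool  # reachable over the network vs. needs local/physical access
    zone_exposed: bool         # a conduit from a less-trusted zone reaches the asset's zone
    patch_available: bool


def impact(v):
    """1..4: loss of control weighs more than loss of view; both is worst."""
    return 1 + (2 if v.loss_of_control else 0) + (1 if v.loss_of_view else 0)


def exposure(v):
    """1..4: doubles for network exploitability and again for an exposed zone."""
    return (2 if v.network_exploitable else 1) * (2 if v.zone_exposed else 1)


def risk(v):
    return impact(v) * exposure(v)     # 1..16


def action(v):
    """Pick the action a site can actually take, patch or not."""
    if risk(v) < 4:
        return "track"
    if v.patch_available:
        return "patch in next maintenance window"
    if v.zone_exposed:
        return "no patch: remove or tighten the conduit into the zone, then re-score"
    return "no patch: monitor the conduit for exploitation attempts"


def prioritise(vulns):
    """Highest risk first."""
    return sorted(vulns, key=risk, reverse=True)


def mitigated(v):
    """The same finding after the conduit into its zone has been closed."""
    return replace(v, zone_exposed=False)


# Constructed findings.
SAMPLE = [
    OTVuln("V-1", "PLC-LINE1", loss_of_view=True,  loss_of_control=True,
           network_exploitable=True,  zone_exposed=True,  patch_available=False),
    OTVuln("V-2", "HMI-LINE1", loss_of_view=True,  loss_of_control=False,
           network_exploitable=True,  zone_exposed=True,  patch_available=True),
    OTVuln("V-3", "ENG-WS1",   loss_of_view=False, loss_of_control=True,
           network_exploitable=False, zone_exposed=False, patch_available=False),
]

if __name__ == "__main__":
    for v in prioritise(SAMPLE):
        print(f"{v.label} {v.asset:10} risk={risk(v):2}  {action(v)}")
    v1 = mitigated(SAMPLE[0])
    print(f"{v1.label} after closing the conduit: risk={risk(v1)}  {action(v1)}")
```

The point of the last two lines is the one the paragraph makes: for the unpatchable PLC finding, segmentation is the mitigation, and the model shows the risk halving when the conduit into its zone is removed, without any change to the device.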
8. Develop an OT-Specific Incident Response Plan (IRP)
Incident response is critical in OT settings. Create a dedicated OT IRP that integrates with your overall strategy. Consult specialized partners or industry resources if in-house expertise is insufficient. CISA's "Rising Ransomware Threat to Operational Technology Assets" advises organizations to exercise their incident response plans regularly to ensure critical functions can continue during disruptions.
9. Invest in Continued Education
Encourage ongoing learning through resources like the ISA/IEC 62443 certification programs. The National Institute of Standards and Technology (NIST) has said that proper training can help organizations identify vulnerabilities, implement security controls and respond effectively to incidents.
Some Final Thoughts to Leave You With...
IT-centric assumptions often lead to flawed strategies for OT environments. Basic IT practices, such as automated password lockouts, may not translate safely to OT: locking an operator account after a few failed attempts can leave nobody able to act on a running process from the HMI, turning a security control into a safety and availability problem. A collaborative cross-functional team can mitigate these missteps, ensuring tailored solutions that respect the nuances of OT systems.
As you embark on enhancing OT resilience, the considerations above may be helpful in starting discussions. Recognize that IT and OT are distinct domains requiring customized security measures, and refer to established OT cybersecurity frameworks for guidance. By laying a solid foundation, organizations can mitigate risks to their OT environments, safeguarding operations and achieving long-term resilience.
Interested in reading more articles like this? Subscribe to the ISAGCA blog and receive regular emails with links to thought leadership, research and other insights from the OT cybersecurity community.