Wednesday, October 2, 2024

Principles of Operational Technology Cybersecurity Published

Yesterday, CISA and a wide range of international partners published “Principles of Operational Technology Cyber Security”. This relatively short (14 pages) document provides a broad overview of the important aspects of cybersecurity for Operational Technology. A shorter (2 page) ‘quick reference’ document is also available. It does not offer a lot of detail, nor should that be expected in a 14-page document, but it provides a skeleton upon which an OT cybersecurity program could be built. One point of note: you will have to overlook many of the spelling differences (‘defences’ vs ‘defenses’, for instance); this was written in the British/Australian version of the English language.

From my point of view, Principle 6 from the Quick Reference Guide is one of the most important points made in the document:

Principle 6: People are essential for OT cyber security – People are the first line of defence. A cyber-related incident in OT cannot be prevented, defended against, identified, responded to and recovered from in a timely manner without people with the necessary tools and training looking for it, and able to competently respond to it. An investment in staff to create a collaborative team of trained and skilled people with necessary tools, supported by a mature and organisation-wide cyber-security culture, is critical to an organisation’s cyber defences.

There are no surprises here. Just solid fundamentals.
