Will OT security for the Oil & Gas industry become regulatory?
Which of the security standards and recommended practices from the different trade organizations and regulators should you adapt?
How do your IT policies and procedures map against your OT environment?
These are just some of the questions that need to be addressed as you confront the process of securing OT environments. Our staff has been on the front lines of this battle, helping to shape the conversation and ultimately, our client’s approach to addressing existing and emerging cyber and physical security threats. Many of our staff have played key roles in the formation and development of standards and guidelines for many years and have a deep understanding on how and when to implement them for your organization.
Do you have IT or OT security policies and procedures?
Is your staff fully conversant in them?
Developing policies and procedures is a critical first step in the journey. Starting with the IT policies and procedures as a baseline, OT policies can be developed that include “step out” to address the differences between the environments. Our seasoned consultants and SME’s have assisted multiple clients with developing these documents. We have also assisted clients with determining which best practices to implement, performing risk analysis and providing mitigation assistance. Training is another critical factor to keep staff members aware of risks and the procedures to address them. Our CISO currently teaches security at the SANS institute.
Where are the greatest risks in my current network and how can I reduce them?
Will this new security tool be beneficial to reducing my risk?
There are many new tools and products being developed for the OT environment, most with claims that they will improve cyber-security. However, knowing the real risks that are present in your environment is a fundamental first step that any organization needs to articulate. Understanding where the risks are requires analysis by people who understand OT environments and how to apply countermeasures to ensure that up-time, reliability and data integrity to these systems.
Critical Infrastructure and Executive Order 13636
"Understanding Impact and Implications"
White paper co-authored by Eric Cosman, Vice President, Standards and Practices, ISA and John Lellis, Chief Technology Officer, Berkana Resources Corporation