Running a Successful OT Cybersecurity Assessment
Sep 19, 2024
Industry Insight
An OT cybersecurity assessment is often the first step in an OT security journey. It is a detailed examination of an organization's industrial environment, its supporting infrastructure, its security program, and its day-to-day operational cyber practices. The goal is to understand the current state, identify strengths, gaps, and vulnerabilities, and provide prioritized recommendations to address them.
Components
An OT cybersecurity assessment is traditionally made up of the following parts, each of which can be scoped up or down as the engagement requires:
Control System Topology Review: A detailed review of the control system architecture, covering the devices that directly control the physical process, the supervisory control systems above them, supporting systems such as engineering workstations and servers, the systems that interface with the business network, and the underlying compute and storage infrastructure on which all of these run.
Network Topology Review: A detailed review of the networks that carry control system traffic. This includes the network structure and segmentation, device configurations, observed traffic flows, and the enforcement points that govern those flows (firewall rules and access control lists), checked against the zones and conduits the design intends.
Crown Jewel Analysis: A process that identifies the systems, and the assets supporting them, on which the vital functions of the industrial environment depend, so that findings can be weighted by their impact on those functions.
Threat Landscape: A threat profile developed from open-source intelligence on the customer's industry vertical and environment. The profile combines that intelligence with what the topology reviews, crown jewel analysis, and deployed technology stack reveal about which adversary capabilities actually apply to this site.
OT Program Review: A maturity assessment, a review of OT policies, procedures, and playbooks, and a compliance gap assessment together make up the OT program review.
The program maturity assessment is based on the Department of Energy (DOE) Cybersecurity Capability Maturity Model (C2M2) tool or, where the organization falls under it, the Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) program.
The program review is completed in line with industrial cybersecurity frameworks, including ISA/IEC 62443 (ISA99), the NIST Cybersecurity Framework (CSF), NIST SP 800-82, and the Center for Internet Security (CIS) Critical Security Controls.
The compliance gap analysis assesses the OT program's alignment with the regulatory requirements that apply to the organization, including NERC CIP, the TSA Security Directives, and the EU NIS/NIS2 directives.
OT Detection Analysis: An assessment of the detection capabilities within the industrial environment and the supporting OT program, covering both the visibility the deployed technology provides and the processes that act on what it sees.
Prioritized Findings and Recommendations: A set of findings observed by Insane Cyber, including details about what was found, its significance, and a tailored recommendation on how to address it. The findings focus on how people, processes, and technology can solve the identified challenge areas.
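The traffic-control part of the Network Topology Review above comes down to checking every permitted flow against the zone model the site intends. The script below is an added illustration, not part of the original article and not Insane Cyber's tooling. It reviews a constructed firewall rule set against an assumed five-zone map (field, control, site operations, industrial DMZ, enterprise, loosely following Purdue levels) and reports rules that skip a zone, permit any address or any service, touch addresses outside the zone map, or expose industrial protocols (Modbus/TCP, S7comm, DNP3, EtherNet/IP) to zones above site operations. The zone names, address ranges, rule IDs, and rule format are all assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

# Zones ordered from the physical process upward. Constructed for this example;
# the names and address ranges are assumptions, not a real site's plan.
ZONE_ORDER = ["field", "control", "site_ops", "idmz", "enterprise"]
ZONE_NETS = {
    "field":      ["192.168.20.0/24"],
    "control":    ["192.168.10.0/24"],
    "site_ops":   ["10.3.0.0/24"],
    "idmz":       ["10.2.0.0/24"],
    "enterprise": ["10.1.0.0/16"],
}
# Well-known industrial protocol ports: Modbus/TCP, S7comm, DNP3, EtherNet/IP.
OT_PORTS = {"502", "102", "20000", "44818"}


@dataclass(frozen=True)
class Finding:
    rule_id: str
    code: str
    detail: str


def zone_of(cidr):
    """Return the zone whose address space contains cidr, 'any' for a /0,
    or None when the prefix is not in the zone map at all."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.prefixlen == 0:
        return "any"
    for zone, prefixes in ZONE_NETS.items():
        if any(net.subnet_of(ipaddress.ip_network(p)) for p in prefixes):
            return zone
    return None


def review_rules(rules):
    """Check every 'allow' rule against the zone model and return findings."""
    findings = []
    for r in rules:
        if r["action"] != "allow":
            continue  # deny rules never open a conduit
        src, dst = zone_of(r["src"]), zone_of(r["dst"])
        if "any" in (src, dst):
            findings.append(Finding(r["id"], "ANY_ADDRESS",
                            f"{r['src']} -> {r['dst']} uses an unrestricted address"))
            continue
        if src is None or dst is None:
            findings.append(Finding(r["id"], "UNMAPPED_ZONE",
                            f"{r['src']} -> {r['dst']} touches an address outside the zone map"))
            continue
        # Adjacent zones differ by one position in ZONE_ORDER; anything further
        # apart means a flow bypasses the zone(s) that should broker it.
        hops = ZONE_ORDER.index(dst) - ZONE_ORDER.index(src)
        if abs(hops) > 1:
            findings.append(Finding(r["id"], "ZONE_SKIP",
                            f"{src} -> {dst} bypasses the intermediate zone(s)"))
        if r["dport"] == "any":
            findings.append(Finding(r["id"], "ANY_SERVICE",
                            f"{src} -> {dst} permits every destination port"))
        # Industrial protocols should originate no higher than site operations.
        if r["dport"] in OT_PORTS and ZONE_ORDER.index(src) > ZONE_ORDER.index("site_ops"):
            findings.append(Finding(r["id"], "OT_PROTOCOL_FROM_ABOVE",
                            f"port {r['dport']} reachable from {src}"))
    return findings


# Constructed sample rule set (hypothetical; not taken from any real firewall).
SAMPLE_RULES = [
    {"id": "R1", "src": "10.1.5.20/32",     "dst": "192.168.10.10/32", "dport": "502",   "action": "allow"},
    {"id": "R2", "src": "10.2.0.10/32",     "dst": "10.3.0.5/32",      "dport": "1433",  "action": "allow"},
    {"id": "R3", "src": "10.3.0.5/32",      "dst": "192.168.10.0/24",  "dport": "any",   "action": "allow"},
    {"id": "R4", "src": "0.0.0.0/0",        "dst": "192.168.20.0/24",  "dport": "22",    "action": "allow"},
    {"id": "R5", "src": "172.16.0.9/32",    "dst": "192.168.10.10/32", "dport": "44818", "action": "allow"},
    {"id": "R6", "src": "192.168.10.10/32", "dst": "192.168.20.0/24",  "dport": "502",   "action": "allow"},
    {"id": "R7", "src": "10.1.0.0/16",      "dst": "192.168.20.0/24",  "dport": "any",   "action": "deny"},
]

if __name__ == "__main__":
    for f in review_rules(SAMPLE_RULES):
        print(f"{f.rule_id}: {f.code}: {f.detail}")
```

Rule R1 (an enterprise host speaking Modbus straight to a controller) draws two findings, R3's any-port allowance and R4's any-source rule draw one each, R5 is flagged only because its source is unmapped, and R2 and R6 pass because they stay between adjacent zones. In a real review the zone map is built from the topology review and the rules are exported from the actual firewalls; the point of the exercise is to make every permitted conduit explicit so it can be justified or removed.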
Deliverables
The primary deliverable of an OT cybersecurity assessment is a detailed report that documents each of the included components together with the prioritized findings and recommendations described above, with supporting material for each finding.
While the report is the primary deliverable, the interactive sessions throughout the project, including the closeout briefing, are where much of the value is transferred to participants. The engagement team draws on its industry and cybersecurity background to pass on as much knowledge as possible during those sessions.
Tips for Getting the Most out of an OT Cybersecurity Assessment
Involve multiple teams from your organization, including operations, engineering, OT, IT, compliance, security, and leadership.
If a critical third party, such as an integrator or control system manufacturer, provides support, bring them into the engagement.
Collect and provide as much of the requested (RFI) material as is available, such as network diagrams, asset inventories, and firewall configurations.
Work with the engagement team to define expected outcomes, goals, and audience ahead of time.