Last October, the Industrial Cybersecurity Center (Centro de Ciberseguridad Industrial, CCI) hosted a 2 day Congress on Industrial Cybersecurity. The attendees were a 60/40 mix of IT and OT staffers from a broad range of industries including oil & gas companies, utilities, system integrators, and industrial systems manufacturers.
With the escalating threat landscape and US ICS-CERT reporting an increase in security incidents, these organizations are investing in building expertise and programs to combat the situation. After being focused on this issue for over a decade here at Industrial Defender, this conference promoted and increased knowledge and information exchange, which is a practical step in the right direction for protecting critical infrastructure.
Representing Industrial Defender, I conducted a presentation on the Top 20 Critical Controls applied to the unique requirements of industrial control systems. The Top 20 approach was created to give organizations a set of basic controls to establish sound cyber security programs. When one looks at applying these to the operational technology (OT) environments that frequently control elements of critical infrastructure, there are adjustments and considerations needed to ensure that they can safely be applied to OT.
We also distributed a guide: The SANS Top 20 Critical Controls for ICS. It was a big hit. Here’s a link to download or send to a colleague.