URL has been copied successfully!
ICS Security strategy for manufacturing – Information is key, but action opens the lock
URL has been copied successfully!

Information is key, but action opens the lock

ICS Security strategy for manufacturing

by

Andy Stern
in

Tags: , , , , , , , , , , , , , , , , , , , , , ,

With increasing attacks on OT/ICS infrastructure and the rising need to secure industrial output, the focus on ICS security has never been greater. Beyond attacks, manufacturers are also reaping the benefits of higher asset and network visibility and zoning elsewhere. So how can manufacturers go about putting in place an OT security strategy that is relevant, current, and failproof? Let’s explore the answer.   The need for an ICS security strategy  Many confuse an ICS security strategy with an ICS security policy. The two are quite different from each other. For starters, an ICS security strategy informs and guides an ICS security policy. ICS security strategy is also more focused on deriving a framework and structure for managing the ICS security needs of a business.   Also read: The Complete Guide to OT SOC A well-articulated and clearly defined ICS security strategy will work to establish and extend the overall value of a business from a cybersecurity investments and outcomes standpoint. Such a strategy should be carefully constructed to respond appropriately to changes in operational environments, network and asset dynamics and compliance requirements. Many components are involved in developing a relevant and useful ICS security strategy. These include vision, objective setting, budgeting, intervention planning and resource allocation and success tracking.   Vision for an ICS security strategy   Defines the direction the organization wishes to take as far as cybersecurity is concerned. A vision can be defined by the organization leadership with the involvement of all stakeholders. The vision should define a vision for ICS security for the organization in the future. A vision is important for drawing a higher level of commitment and teamwork from all stakeholders and should also consider the evolutionary forces at play that could shape and define ICS security in the future.   A good vision statement inspires confidence and cyber resilience in equal measure.    Objective Setting for an ICS security strategy This involves developing various aspects of the vision and turning them into security objectives for the company. Objectives for a sound ICS cybersecurity strategy can be drawn from standards such as IEC 62443 or NIST CSF or even NERC CIP. Sectrio recommends using a combination of these standards to draw the best-of-breed objectives for your corporate strategy.   IEC 62443 standards for example can be used to draw objectives around asset owner responsibilities, supply chain security and risk and gap assessment. Similarly NIST CSF can be used for risk management while NERC CIP can be (broadly) used for developing asset centric security objectives. While NERC CIP is focused on energy and utility companies, the following standards and requirements can be considered for guidance for developing strategic ICS objectives Budgeting, intervention planning, and resource allocation involved in an ICS security strategy No security strategy can succeed if it does not cover budgets and interventions. It is advisable to have objectives inform interventions that inform budgets and resource allocation. In many organizations, budgets inform interventions and resource allocation. How can one know if the budgets are adequate? If all the interventions suggested are covered through the budget allocated, then the budget can be considered sufficient.   Also Read: A Buyer’s Guide to OT/ICS Security Solutions One can also think of spending in a staggered manner starting from covering priority needs first and then leading into the areas needing less attention. Note: a compliance requirement could change the dynamics here.  The following areas should be considered in this phase from an intervention standpoint:  Tracking the success of your ICS security strategy  Tracking the success of the strategy is also essential. Otherwise, a strategy can turn into a corporate document hidden away in a remote stash of files on some unknown server. In an ICS environment, success could be measured based on the following parameters:  Interested in learning how your business can evolve a comprehensive ICS security strategy with the right tools? Talk to us.   Looking at checking your ICS environment for IEC 62443/NIST CSF/NIS2 compliance? Connect with our Compliance and Governance expert.    Talk to us to learn how your crown jewels and assets can be protected through a custom-built ICS security plan. Contact us now! Learn more about our ICS security solution and its capabilities around asset inventory, vulnerability management, threat management, and compliance.   Book a consultation with our ICS security experts now. Contact Us  Thinking of an ICS security training program for your employees? Talk to us for a custom package.   

First seen on securityboulevard.com

Jump to article: securityboulevard.com/2024/09/ics-security-strategy-for-manufacturing/

Loading

Share via Email
Share on Facebook
Tweet on X (Twitter)
Share on Whatsapp
Share on LinkedIn
Share on Xing
Copy link

also interesting:

  1. Cybersecurity Snapshot: Critical Infrastructure Orgs Found Vulnerable to Basic Hacks, While New MITRE Tool Uses ML to Predict Attack Chains
  2. 10 Best Attack Surface Management Tools
  3. Securing the OT supply chain, ensuring third-party vendors adhere to cybersecurity best practices 
  4. Top 5 Enterprise Tufin Competitors