{"id":16980,"date":"2026-04-21T14:36:53","date_gmt":"2026-04-21T14:36:53","guid":{"rendered":"https:\/\/dmsretail.com\/RetailNews\/stop-overthinking-ot-security-people-process-and-technology\/"},"modified":"2026-04-21T14:36:53","modified_gmt":"2026-04-21T14:36:53","slug":"stop-overthinking-ot-security-people-process-and-technology","status":"publish","type":"post","link":"https:\/\/dmsretail.com\/RetailNews\/stop-overthinking-ot-security-people-process-and-technology\/","title":{"rendered":"Stop Overthinking OT Security: People, Process and Technology"},"content":{"rendered":"<div>\n<p>Picture this:<\/p>\n<p><em>A security manager sits down with a whiteboard and a mandate from leadership to finally get serious about OT security across the organization. The plan starts to take shape \u2014 dozens of security appliances spanning multiple plant sites, SPAN ports configured on every critical network segment, and a monitoring architecture that would deliver the kind of deep visibility the team has never had before. The executives are thrilled: improved maturity scores all around!<\/em><\/p>\n<p>It sounds perfect, it\u2019s ambitious, it\u2019s thorough, and it feels like real progress. 
But then the budget and task spreadsheet starts telling a different story:<\/p>\n<p>New switches and cable runs to support the SPAN collection, rack space for dedicated appliances, power and HVAC upgrades, installation labor, and the ongoing maintenance cost of the new infrastructure \u2014 the number at the bottom of the page shatters that vision. The hidden costs are 3X the price of the OT security product itself, and the site manager\u2019s KPIs? Well, they are all about revenue, output and uptime.<\/p>\n<p>And suddenly, the question isn\u2019t whether the organization <em>should<\/em> invest in OT security \u2014 it\u2019s whether there\u2019s a smarter way to get there without letting the infrastructure tail wag the security dog.<\/p>\n<p>Based on many discussions we had during the S4x26 ICS security conference, and feedback from customers, we wanted to outline a practical and cost-efficient plan for achieving effective OT security.<\/p>\n<p>This two-part blog series lays out practical advice on how to get your OT security program started. This first post in the series outlines what we are calling a starter pack framework, organized around people, process, and technology (PPT), to help mid-sized industrial operations build a credible cybersecurity foundation without breaking the bank. The second blog will unpack aspects around total cost of ownership (TCO) and using technology refresh cycles strategically.<\/p>\n<h2>The Starter Pack Framework \u2014 People, Process, and Technology on a Budget<\/h2>\n<p>This framework isn\u2019t about buying the most expensive tool. It\u2019s about making sequenced, intelligent investments that deliver the most security coverage per dollar \u2014 while respecting the human and operational constraints you actually face.<\/p>\n<h2>People \u2014 Working with the Team You\u2019ve Got<\/h2>\n<p>Most mid-sized operations won\u2019t hire a dedicated OT security person. 
That responsibility will land on someone already wearing five hats \u2014 a plant engineer, an IT generalist, an OT manager. How this plays out is all too common for folks in the field: people get \u201ctapped on the shoulder\u201d and told they\u2019re now responsible for OT security. Most of these people are not cyber and network wizards.<\/p>\n<p>Accept this as a design constraint, not a problem to solve with headcount. Solutions that demand dedicated staff to operate are non-starters. Look instead for tools with automated asset discovery, pre-built dashboards, and managed service tiers that offload the analysis burden.<\/p>\n<p>Cross-training beats hiring. Leverage vendor training programs, cybersecurity association local chapters, which are seeing increasing OT security engagement, and community events to build competence across your existing team incrementally.<\/p>\n<h2>Process \u2014 Start with What Enables the Business, not a Compliance Checklist<\/h2>\n<p>Forget maturity models that assume resources you don\u2019t have. Start with a good ol\u2019 site walkaround, get out the whiteboard, plug into a console and dump network and routing tables. It would be logical to say start with visibility, but asset inventory is step zero. However, you don\u2019t have to boil the ocean. Most of the senior folks at the plant haven\u2019t been sitting idle \u2014 most know what will cause a bad day, and the site manager (or senior process engineer) knows what machines make the revenue, or which system will burn revenue and hurt forecasts. Start somewhere, and with something \u2014 don\u2019t wait for perfect.<\/p>\n<p>Next, treat network segmentation as a process decision, and as a way to optimize both performance and your defensive position. Identify your most critical equipment and systems and start your segmentation project there. 
And of course, begin with defining what the Minimum Viable Security Stack is for your organization, your business units, and your sites.<\/p>\n<h2>Technology \u2014 The Minimum Viable Security Stack<\/h2>\n<p><strong>Tier 1 \u2014 Get Started.<\/strong> A firewall\/router to create an industrial DMZ, isolating your IT network from the OT network, is step one. Next, a Layer 3 managed switch in Purdue Level 3 forms the foundation. Deploy a lightweight OT visibility solution like Cisco Cyber Vision that runs on the switch, giving you North-South visibility and the ability to start identifying key assets. Or, if you are still early in that journey, with the right devices at key locations you can collect NetFlow data for debugging and performance analysis. You can always begin with a free version and upgrade as you go, from this tool to Splunk.<\/p>\n<p><strong>Tier 2 \u2014 Deeper Visibility.<\/strong> The next goal should be to expand deployment of the visibility solution to lower levels in the OT network (Purdue Levels 0-2), by embedding the sensor in switches or as a container on industrial compute if existing switches don\u2019t support it. With the investments from Tier 1, further visibility (if tied into the facility\u2019s entire network stack), and initial monitoring infrastructure, the gains will begin to multiply; it won\u2019t just be about security anymore.<\/p>\n<p><strong>Tier 3 \u2013 Start to build an evidence-based security governance program<\/strong>. Leverage free or low-cost solutions where they exist \u2014 tools like Splunk\u2019s free data ingest tier can give you vulnerability and security posture dashboards out of the box. Ingesting OT security telemetry into Splunk can enable you to start building out a security governance program.<\/p>\n<p><strong>Be Careful of the Hidden Cost \u2014 SPAN Architectures.<\/strong> If you\u2019re considering passive monitoring via SPAN or mirror ports, factor in infrastructure realities. 
Many facilities still run 50 Mbps uplinks. Deploying new cable runs for facilities is expensive. For large multi-site operations, SPAN costs, multiplied across dozens of factories, can dwarf software licensing. For small operations, SPAN is usually manageable, but know the cost before you commit.<\/p>\n<h2>Take the First Step<\/h2>\n<p>Every organization will have a unique people, process and technology mix. Think of what yours can be. Identify possible gaps and build a plan to address them in a sequenced investment rather than attempting to tackle every aspect all at once. Remember that getting your OT security program started requires the basics \u2014 and the basics are surprisingly affordable.<\/p>\n<p>Start, for instance, by identifying your crown jewels and focusing on developing security controls to safeguard these critical assets and systems. Over time, it will become clear what a minimum viable security stack looks like for your environment and what additional investment is needed to adequately safeguard it.<\/p>\n<p>In the second blog we will take a closer look at the total cost of ownership (TCO) aspect of addressing OT security needs. 
We also focus on being strategic and using the opportunities that technology refresh cycles present.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Picture this: A security manager sits down with a whiteboard and a mandate from leadership to finally get serious about OT security across the organization. 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":16981,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-16980","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/posts\/16980","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/comments?post=16980"}],"version-history":[{"count":0,"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/posts\/16980\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/media\/16981"}],"wp:attachment":[{"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/media?parent=16980"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/categories?post=16980"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dmsretail.com\/RetailNews\/wp-json\/wp\/v2\/tags?post=16980"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}