Leveraging IT Programs in OT – Establishing an OTSM Program

  • Conference Program
  • Cybersecurity
  • April 9, 2019
  • 2:10 pm - 2:55 pm

Everyone struggles with how big of a challenge cybersecurity for OT environments is when you factor in aging operating systems, process fragility, lack of staff/skills/resources and a reluctance to ‘violate’ OEM support or warranty agreements. The reality, however, is that we have ‘IT systems’ in our environments so we must adopt ‘IT solutions’ to manage and maintain them.
The concept of IT service management (ITSM) is well established and, according to Wikipedia refers to the entirety of activities – directed by policies, organized and structured in processes and supporting procedures – that are performed by an organization to design, plan, deliver, operate and control information technology (IT) services offered to customers.
Our premise is that we need to establish an OTSM or OT Service Management program to properly provide cybersecurity and system health/reliability functions into the process control environment. This means adopting (safely) IT type of tools, practices (SOC, Cloud, Agents, Automation, etc) into an OT network to produce sustainable, repeatable results and significantly improve cyber security ‘hygiene’ in OT.
This presentation will start with an outline of an OTSM approach to security, then transition to two very different case studies where OTSM helped to first ‘assess and measure’ security risk by performing a technology enabled risk assessment. The second case study illustrates the speed, accuracy and flexibility in maintaining and managing an OT environment gains by deploying an OTSM approach.