Proactive Approach to Incident Response. Part 2 – Cross-train your teams

In the previous article, we wrote about the importance of the Incident Response plan for organisations’ OT infrastructure and legal obligations.

Proactive IT/OT Cybersecurity Incident Response (IR) should be made up of a balance of prevention, detection, and response.

The IR plans and responders must be aware of the cyber-physical consequences of OT systems. The responders’ aim is to prevent an infection from spreading and to ensure that the intruder’s efforts to take control of the system have been recognised and eliminated, so that reliable operations can be resumed with confidence.

For the IR plan to work well, there are some other key factors that a company must address to fully reap the benefits of being proactive.

IT / OT Convergence – Cross-train your IT / OT teams

  • Communication is the key to any success where more than one party is involved. Involved parties must be able to support each other and benefit from each other’s knowledge. Collaboration and cooperation in the design of new manufacturing and IT processes depend on employees who can communicate well and work with each other.
  • What can the IT personnel bring to the table? A deep comprehension of how the networks work, including firewalls, endpoints, and many of the essentials of recent internet-enabled OT solutions.
  • The OT personnel, on the other hand, can share their extensive understanding of machinery and mechanics.
  • A good way to encourage the exchange of ideas and build an IT/OT team that communicates well is to create a cross-disciplinary IT/OT task force that shares in the work of business process design and technology integration.
  • IT/OT teams that can communicate and work together well are at the core of a successful proactive IR. It ensures that, in case of a cyberattack, there is a good understanding on both sides. The reason it is so important is that most of the time OT attacks don’t originate on OT networks themselves. A much more likely scenario is one where a hacker enters through the corporate network and moves laterally in the system until they find an opening to penetrate an OT system.

What’s next?

The next article will cover establishing an OT Security Baseline.

Do you require help with preparing your IR plan?

If you have questions regarding a Proactive Incident Approach for IT and OT solutions, please contact SEQRED. We will be happy to help.
As part of our ICS audits service we offer multidimensional cybersecurity assessments and staff workshops.

Our services cover such areas as Critical Infrastructure Protection, Cloud Services Security or Audits, and Threat Intelligence. For a full list of our services visit our services page – https://seqred.pl/en/services/

 

About this article

The ideas in this article are based on an article published by Accenture which you can access here.
