Proactive Response and Recovery for OT

Whether consistently performed and maintained or not, there is little argument on the importance of being proactive with the NIST Cybersecurity Framework’s first 2 core principles of identification and protection. The OT integrity company PAS Global makes an interesting observation that the importance of proactive detection, response, and recovery are not as well-discussed or practiced in OT environments. PAS explains this assertion by highlighting a recent case that illustrates some failures and opportunities associated with being reactive vs. proactive – regardless if the incident is caused by an attack or something else like a configuration change. According to PAS, in what was believed to be a seemingly harmless IT change (updating a static IP address on an engineering workstation that was hosting the distributed control system configuration), an organization lost their entire control strategy information along with tag references and programs. PAS explains that because no one had anticipated an IP address change could have such a negative impact, no backup of the workstation and configuration files were proactively performed prior to the change. And, to make matters worse, there was no other good back up available from an earlier time.

PAS points out two lessons learned from this incident:

• Taking the time to produce a backup before undertaking maintenance tasks, even when they do not have expected risks, should not be overlooked.
• Having another source of your OT configuration data is a must have for business resiliency – whether that is to recover from human error, as in this case, or a cyber attack.

Lessons learned from others are a great way to be proactive in your strategy to avoid similar outcomes. Read more at PAS.