Depending on the size of and resources available at your utility, you may not have implemented a vulnerability management program for your OT infrastructure, let alone for IT. If you have a mature program for OT you are in the minority. However, even if you don’t have a defined program, vulnerability management is a foundational cybersecurity activity that cannot be ignored by anyone.
Regardless of your program maturity, vulnerability management is daunting, to say the least – for OT or IT. Nevertheless, there are resources available to help break it down into practical components that anyone can benefit from. Mature utilities can use these resources as a sanity check or refresher and utilities just starting out benefit with a viable path forward. One such resource was recently published by Dragos’ to help industrial asset owners understand some of the challenges of OT vulnerability management and provide practical solutions and guidance. Understanding the Challenges of OT Vulnerability and How to Tackle Them includes a succinct, easy to digest list of pointers for utilities of any size to reference in building out or refreshing an OT vulnerability management program – several concepts which are also discussed in WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities – including:
- Don’t Rush In
- Everything Starts With an Asset Inventory & Visibility
- Don’t Fear Automation
- Periodic Walk Downs Are a Must
- Documentation is Crucial
- Understand OT Vulnerability Prioritization is Different
- Master The Art of Compensating Controls
- Actively Manage Vendors Relationships
- Software Supply Chain Management
- Hire Dedicated Staff
Access the whitepaper and report at Dragos.
