Many OT personnel may be familiar with risk assessments for machine safety. IT personnel have something similar, but for cybersecurity. It starts with a framework, of which there are many available. Using this cybersecurity framework example from the National Institute of Standards and Technology (NIST), we can quickly learn that one of the first steps a team needs to take is to identify all of its potential vulnerabilities.
OT personnel should think about all the entry points into systems that the IT team does not know about. Typically, there are many old computers, USB ports, HMIs, PLCs, Ethernet ports, non-password-protected, default-password-protected and intermingled networks among the machines. Every single one of those is a potential vulnerability.