Cybersecurity and AI Across the Industrial Automation Stack - Monthly Digest # 0

✅[ST # 50] Interested in Industry/Market Insights on layers of automation stack across Cloud, ERP, DMZ, MES, SCADA, HMI, PLC/Edge layers, physical devices & more?🚀 [Securing Things by M. Yousuf Faisal]

Disclaimer: All views presented here, in this newsletter, are my own.

Author or the newsletter are not liable for any actions taken by any individual or any organization / business / entity. The information provided is for education and awareness purposes only and is not specific to any business and or situation.

M. Yousuf Faisal

Hey Friend,

This is going to be a short one.

As industries increasingly adopt the latest automation technologies, the intersection of cybersecurity and artificial intelligence (AI) becomes critical.

For leaders and practitioners in critical infrastructure and industrial sectors, staying updated on industry developments, security investments, trends, and the cybersecurity vendor landscape for IT, OT/ICS, IIOT, and emerging technologies is essential now.

Digest #0 is just to gauge your interest in receiving such a newsletter digest on a monthly and/or quarterly basis (in between other weekly newsletters) with the stated title coverage. So please participate in the following poll.

See below for more.

Vibe Check:

Do you like the idea of me covering Cybersecurity & AI Across the Automation Stack as a Monthly Digest, where I'll cover some updates across each layer?


Securing Things (Sponsor)

OT CBPRS (Cybersecurity Best Practices Requirements Specification) Toolkit!

The Solution (For Asset Owners Only) - Toolkit to get a head start on your OT/ICS Cybersecurity journey for SMB/SME industrial environments. Bonus - comes with limited complimentary seats for the IT & OT CySEAT offering.

Below is a brief walkthrough on the toolkit:

(Note: Next iteration would include the ISA/IEC 62443-2-1 Security Program related requirements).

But before we begin, do me a favour and make sure you hit the “Subscribe” button to let me know that you care or liked it, and to keep me motivated to publish more. Thanks!

Layers of Industrial Automation Stack

If you’ve been a subscriber, you may have seen the figure below, which essentially represents the variation in focus for IT and OT on Cybersecurity across the 6 layers of the industrial automation stack.

Industrial Automation Stack by M. Yousuf Faisal

So let's get to the question: why is the automation stack important?

Here are a couple of reasons:

  • All the key workflows in the manufacturing lifecycle are across these layers.

  • All the integration between the systems / components / devices, processes, workflows also happens across these layers.

  • For solution architects (from SIs, end users, automation engineers, vendors etc.) to champion the field, particularly for Industry 4.0 or above, they need to be fluent in, and constantly developing expertise around, all these layers.

So if the people that live and breathe the industrial world, day in and day out, need to master the tech and processes around these layers, why would you think it would be different for the security folks?

  • For Security architects, consultants, and practitioners, it has become vital to be familiar with all the basics around these layers of the automation stack and hence understand cyber risks around each of these layers.

Arguably, you’ll not have time to become an expert in all these layers (such talent is rare in the market) but you can target to build some basic expertise and know-how around all and choose to master things in one or more layers.

Therefore, there’s a need for developing a new competence framework in order to bring about a roadmap for IT & OT professionals.

If this is of any interest - let me know by voting on the vibe check Poll above.

Competence Framework for OT and IT Professionals

Industry 4.0 solution architects and/or security architects need to build both technical and professional competence and skills across the entire IT-OT automation stack, and this may encompass the overall project lifecycle.

This is crucially important for various tasks throughout a project's lifecycle (from initiating a business use case to decommissioning), including, but not limited to:

  • Building a business case

  • Evaluating solutions or products

  • Running Proof of Concept (PoC)

  • Selection (vendor/product and price negotiation)

  • Architecture and Design

  • Factory acceptance testing (FAT)

  • Deploy and Implement (& UAT)

  • Site Acceptance testing (SAT)

  • Configure and Fine Tune

  • Operationalize (& Automate processes)

  • Maintain and Troubleshoot (Routine)

  • Backups

  • Disaster Recovery

  • Monitor and Manage

  • Incident Response (IR)

  • Migrate and/or upgrade

  • Obsolescence Management, Disposal and/or Decommissioning

  • Review and Assess – Cybersecurity (and Privacy) Compliance

  • Measure - KPIs, KRIs etc. and more.

This may perhaps make it easier for everyone to follow the same sequence as they progress in their current or future roles.

There are some government efforts, which I have covered in my Getting Started in IT & OT Cybersecurity - Step 4, a 12 Step Blueprint, and there are more; but I feel there’s a need for simplification and new ideas.

My hope is that it would be helpful for you and many others in charting an individual professional roadmap.

In Digest # 1 - I’ll present some of my initial thoughts / ideas on how to develop a competence framework for your IT & OT workforce and cover a few industry updates across each layer of the automation stack.

If you have any ideas, suggestions, or recommendations, and/or you want to contribute, please drop me an email @ newsletter[@]securingthings[.]com or DM me via LinkedIn. You'll also get a shout out for your contribution.

<Note: I’ll drop the idea if I don’t get enough responses>.


Securing Things Academy:

IT & OT CySEAT (Cyber Security Education And Transformation) course is designed for IT and OT cybersecurity practitioners. Join the wait-list → here.

Check out a brief overview below:

Ways in which I can help?

Whenever you are ready - I can help you with:

A - IT & OT Cybersecurity Advisory / Consulting services - for securing your business and/or its digital transformation journey.

B - Security Awareness Training & Phishing Awareness Portal - Train your staff and build a security awareness program with a subscription-based service.

C - Securing Things Academy (STA) - Security trainings for IT & OT practitioners.

Visit the newsletter website for links to the above services and/or reach out at info[at]securingthings[dot]com or DM me via LinkedIn.

D - Securing Things Newsletter - Sponsor this newsletter to showcase your brand globally, or subscribe to simply Get Smarter at Securing Things.

Reach out at newsletter[at]securingthings[dot]com or DM me via LinkedIn.

✉️ Wrapping Up - How are we doing?

I invite you, as part of the #SecuringThings community, to share your feedback.

Rate the newsletter content

Did you find the content valuable?


Your feedback and input are invaluable to me as we work together to strengthen our cybersecurity defenses and create a safer and smarter digital society.

Let us know how we can improve this and/or what you’d like to see in the future.

Thank you for your trust and continued support.

Do register, validate your email, and request a login link to submit the poll, to enter for a chance to win a future course giveaway.

Thanks for reading - until the next edition!

It’s a Great Day to Start Securing Things for a Smart & Safer Society.

Take care and Best Regards,

M. Yousuf Faisal. (Advice | Consult Cyber & business leaders in their journey on Securing Things (IT, OT/ICS, IIOT, digital transformation, Industry 4.0, & AI) & share everything I learn on this Newsletter | and upcoming Academy). 

Follow Securing Things on LinkedIn | X/Twitter & YouTube.
