Cybersecurity and AI Across the Industrial Automation Stack - Monthly Digest # 0

Together with (Sponsor):

Turn Anonymous Website Visitors Into Customers With Our AI BDR

Stop letting anonymous site traffic slip away. Our AI BDR Ava identifies individuals on your website without them providing any contact information and autonomously enrolls them into multi-channel sequences.

She operates within the Artisan platform, which consolidates every tool you need for outbound:

• 300M+ High-Quality B2B Prospects, including E-Commerce and Local Business Leads

• Automated Lead Enrichment With 10+ Data Sources

• Full Email Deliverability Management

• Multi-Channel Outreach Across Email & LinkedIn

• Human-Level Personalization

• Convert warm leads into your next customers.

Hire Ava to slash costs & boost productivity.

But before we begin, do me a favour and make sure you hit the “Subscribe” button to let me know that you care or liked and keep me motivated to publish more. Thanks!

Layers of Industrial Automation Stack

If you’ve been a subscriber, you may have seen the figure below, which essentially represents the variation in focus for IT and OT on Cybersecurity across the 6 layers of industrial automation stack.

So lets get to the question of the importance of the automation stack and why?

Here are couple of reasons:

• All the key workflows in the manufacturing lifecycle are across these layers.

• All the integration between the systems / components / devices, processes, workflows also happens across these layers.

• For Solution architects (from SIs, end users, automation engineers, vendors etc.) to champion the field, particularly for industry 4.0 or above, they need to be fluent in and be constantly developing expertise around all these layers.

So if the people that live and breath the industrial world, day in and day out, need to master the tech and processes around these layers, why would you think it would be different for the security folks?

• For Security architects, consultants, and practitioners, it has become vital to be familiar with all the basics around these layers of the automation stack and hence understand cyber risks around each of these layers.

Arguably, you’ll not have time to become an expert in all these layers (such talent is rare in the market) but you can target to build some basic expertise and know-how around all and choose to master things in one or more layers.

Therefore, there’s a need for developing a new competence framework in order to be bring about a roadmap for IT & OT professionals.

If this is of any interest - let me with the vibe check Poll response.

Competence Framework for OT and IT Professionals

Industry 4.0 solution or security architects need to build both technical and professional competence and skills across the entire industrial automation stack. This is crucially important for various tasks throughout a project's lifecycle (from initiating a business use case to decommissioning), (but not limited to):

• Building a business case

• Evaluation Solutions or products

• Running Proof of Concept (PoC)

• Selection (vendor/product and price negotiation)

• Architecture and Design

• Factory acceptance testing (FAT)

• Deploy and Implement (& UAT)

• Site Acceptance testing (SAT)

• Configure and Fine Tune

• Operationalize (& Automate processes)

• Maintain and Troubleshoot (Routine)

• Backups

• Disaster Recovery

• Monitor and Manage

• Incident Response (IR)

• Migrate

• Obsolescence Management and or Decommissioning

• Review and Assess – Cybersecurity (and Privacy) Compliance

• Measure - KPIs, KRIs etc. and more.

In Digest # 1 - I’ll present some of my initial thoughts / ideas on how to develop a competence framework for your IT & OT workforce and cover few industry updates across each layer automation stack.

There are some government efforts and others here and there, but there’s always room for new ideas.

I hope this helps many in planning their professional roadmap.

If you have suggestions and recommendations, please drop me an email @ newsletter[@]securingthings[.]com or DM me via LinkedIn.

<Note: I’ll drop the idea if I don’t get enough responses>.

Related Securing Things Offering

My Recent Most Viewed Social Posts

In case you’ve missed - here are some of my recent most viewed social posts.

• ISA/IEC 62443 Standards - Part 3 - series covering essentials of the standard.

• Tip to remember ISA/IEC 62443 Standards Group & Overview Part 2.

  Continue to be the most viewed post with more than 4.3K views at the time of writing this.

• 📢 📰 Secure by 3Ds (Demand | Design | Default) 📢 📰 ✅ The trifecta reshaping IT & OT cybersecurity industry!

• This is it - Good Bye. Happy New Year! Recap on 2024 and the Future of Securing Things in 2025.

• Cybersecurity (IT, OT/ICS, AI, Open source) Insights from Q4 2024

• What the heck is ITDR - A crash course on Identity Threat Detection & Response.

• IT & OT/ICS Cybersecurity Policy(/ies) - Deciding on the Policy Route for your industrial environments.

Ways in which I can help?

Whenever you are ready - I can help you with:

A - IT & OT Cybersecurity Advisory / Consulting services - for securing your business and or its digital transformation journey.

B - Security Awareness Training & Phishing Awareness Portal - Train your staff and build a Security awareness program through our subscription based service.

C - Securing Things Academy (STA) - Security trainings for IT & OT practitioners.

Visit the newsletter website for Links to above services and or reach out at info[at]securingthings[dot]com or DM me via LinkedIn.

D - Securing Things Newsletter - Sponsor this newsletter to showcase your brand globally, or subscribe to simply Get Smarter at Securing Things.

Reach out at newsletter[at]securingthings[dot]com or DM me via LinkedIn.