Securing Things (Sponsor)

OT CBPRS (Cybersecurity Best Practices Requirements Specification) Toolkit!

The Solution (For Asset Owners Only) - Toolkit to get a head start for your OT/ICS Cybersecurity journey for SMB/SME industrial environment. Bonus - comes with limited complimentary seats for IT & OT CySEAT offering.

Below is a brief walkthrough on the toolkit:

(Note: Next iteration would include the ISA/IEC 62443-2-1 Security Program related requirements).

But before we begin, do me a favour and make sure you hit the “Subscribe” button to let me know that you care or liked and keep me motivated to publish more. Thanks!

Layers of Industrial Automation Stack

If you’ve been a subscriber, you may have seen the figure below, which essentially represents the variation in focus for IT and OT on Cybersecurity across the 6 layers of industrial automation stack.

So lets get to the question of the importance of the automation stack and why?

Here are couple of reasons:

• All the key workflows in the manufacturing lifecycle are across these layers.

• All the integration between the systems / components / devices, processes, workflows also happens across these layers.

• For Solution architects (from SIs, end users, automation engineers, vendors etc.) to champion the field, particularly for industry 4.0 or above, they need to be fluent in and be constantly developing expertise around all these layers.

So if the people that live and breath the industrial world, day in and day out, need to master the tech and processes around these layers, why would you think it would be different for the security folks?

• For Security architects, consultants, and practitioners, it has become vital to be familiar with all the basics around these layers of the automation stack and hence understand cyber risks around each of these layers.

Arguably, you’ll not have time to become an expert in all these layers (such talent is rare in the market) but you can target to build some basic expertise and know-how around all and choose to master things in one or more layers.

Therefore, there’s a need for developing a new competence framework in order to be bring about a roadmap for IT & OT professionals.

If this is of any interest - let me know by voting on the vibe check Poll above.

Competence Framework for OT and IT Professionals

Industry 4.0 solution architects and or security architects need to build both technical and professional competence and skills across the entire IT-OT automation stack and may encompass the overall project lifecycle.

This is crucially important for various tasks throughout a project's lifecycle (from initiating a business use case to decommissioning), (but not limited to):

• Building a business case

• Evaluation Solutions or products

• Running Proof of Concept (PoC)

• Selection (vendor/product and price negotiation)

• Architecture and Design

• Factory acceptance testing (FAT)

• Deploy and Implement (& UAT)

• Site Acceptance testing (SAT)

• Configure and Fine Tune

• Operationalize (& Automate processes)

• Maintain and Troubleshoot (Routine)

• Backups

• Disaster Recovery

• Monitor and Manage

• Incident Response (IR)

• Migrate and or upgrade

• Obsolescence Management, Disposal and or Decommissioning

• Review and Assess – Cybersecurity (and Privacy) Compliance

• Measure - KPIs, KRIs etc. and more.

This may make it easier for everyone perhaps to follow same sequence, as they progress in their current or future roles.

There are some government efforts, which I have covered in my Getting Started in IT & OT Cybersecurity - Step 4, a 12 Step Blueprint and there are more; but feel there’s a need for simplification and new ideas.

My hope is that it would be helpful for you and many others in charting individual professional roadmap.

In Digest # 1 - I’ll present some of my initial thoughts / ideas on how to develop a competence framework for your IT & OT workforce and cover few industry updates across each layer automation stack.

If you have any ideas, suggestions, recommendations and or you want to contribute, please drop me an email @ newsletter[@]securingthings[.]com or DM me via LinkedIn. And you also get a shout out for your contribution.

<Note: I’ll drop the idea if I don’t get enough responses>.

My Recent Most Viewed Social Posts

In case you’ve missed - here are some of my recent most viewed social posts.

• ISA/IEC 62443 Standards - Part 3 - series covering essentials of the standard.

• Tip to remember ISA/IEC 62443 Standards Group & Overview Part 2.

  Continue to be the most viewed post with more than 4.3K views at the time of writing this.

• 📢 📰 Secure by 3Ds (Demand | Design | Default) 📢 📰 ✅ The trifecta reshaping IT & OT cybersecurity industry!

• This is it - Good Bye. Happy New Year! Recap on 2024 and the Future of Securing Things in 2025.

• Cybersecurity (IT, OT/ICS, AI, Open source) Insights from Q4 2024

• What the heck is ITDR - A crash course on Identity Threat Detection & Response.

• IT & OT/ICS Cybersecurity Policy(/ies) - Deciding on the Policy Route for your industrial environments.

Securing Things Academy:

IT & OT CySEAT (Cyber Security Education And Transformation) course is designed for IT and OT cybersecurity practitioners. Join the wait-list → here.

Checkout a brief overview below:

Ways in which I can help?

Whenever you are ready - I can help you with:

A - IT & OT Cybersecurity Advisory / Consulting services - for securing your business and or its digital transformation journey.

B - Security Awareness Training & Phishing Awareness Portal - Train your staff and build a Security awareness program subscription based service.

C - Securing Things Academy (STA) - Security trainings for IT & OT practitioners.

Visit the newsletter website for Links to above services and or reach out at info[at]securingthings[dot]com or DM me via LinkedIn.

D - Securing Things Newsletter - Sponsor this newsletter to showcase your brand globally, or subscribe to simply Get Smarter at Securing Things.

Reach out at newsletter[at]securingthings[dot]com or DM me via LinkedIn.