• ISA provides technical resources and standards to help industrial automation professionals advance their careers and the field. We enable automation professionals worldwide to solve problems and enhance their skills by bringing people together to create new technologies and share best practices with future automation professionals.

    • Industry Insights

  • We attract over 140,000 unique automation professionals monthly, making us the premier online content provider and the only dedicated electronic magazine in the automation industry.

    Monthly Magazine

    • More things to read

    Back
    Back
  • M logo for Automation.com Monthly. Link to current issue.
  • Search Sponsored By:
Feature

OT Security Dozen: Series on Building an OT/ICS Cybersecurity Program

By: Muhammad Yousuf Faisal
22 March, 2022
2 min read
OT Security Dozen: Series on Building an OT/ICS Cybersecurity Program
OT Security Dozen: Series on Building an OT/ICS Cybersecurity Program
In this 12-part series, the author will touch on potential mappings to ISA/IEC 62443 standards requirements, NIST-CSF domains, and CSC Top 20.

Over next couple of weeks and months in 2022, I am excited to be sharing some experience and insights on the 12 foundational steps for an “ Operational Technology (OT)/Industrial Control System (ICS) Cybersecurity Program ” – calling it “

The OT Security Dozen

.”

This will hopefully serve as guidance or building blocks to improve and operationalize cybersecurity practices for OT/ICS operations, especially for those industrial organizations worldwide (APAC manufacturing sector in particular) that are exploring ways to either start their journey and are not sure where to begin and/or in some cases trying to improve or mature their current initiatives.

Phase 1 - Evaluate | Assess | Discover | Define

1. OT/ICS Cybersecurity Assessments/Reviews

2. OT/ICS Cybersecurity Policy & Governance

Phase 2 - Implement | Deploy (Protect & Detect)

3. OT/ICS Cybersecurity Architecture & Segmentation (between IT & OT networks)

4. OT/ICS Asset Discovery & Threat Detection (OT IDS) Tools Selection & Implementation

5. OT/ICS Configuration Hygiene

6. OT/ICS Secure Remote Access

7. OT/ICS Access Control

8. OT/ICS Endpoint Protections (AV, Host IDS/EDR, USB controls)

9. OT/ICS Supply Chain Security (risks related to SBOM, OEMs, third-party service providers)

Phase 3 - Monitor | Respond & Measure

1. OT/ICS Cybersecurity Monitoring (via an Integrated SOC/MSS Operations)

2. OT/ICS Incident Response Plan

3. OT/ICS Audit & Security Testing – Continuous Measurement

Obviously, this is not an exhaustive list of initiatives for controls around people, processes, and technology for the world of OT/ICS. However, “

The OT Security Dozen

” will provide you that very strong and solid foundation required for establishing and running a successful OT/ICS cybersecurity program.

Some of these 12 initiatives can be run in parallel, and some may perhaps be better run sequentially. Prioritization of these initiatives may differ from one organization to another, based on several factors and the uniqueness of an organization's environment (e.g. network architecture, culture, people, processes, budget, skillsets, etc.).

Regardless of the prioritization sequence, successful execution of these initiatives will raise your maturity level against any given industry standards that’s preferred by the organization and/or compliance against any applicable standards/regulations.

In the twelve part series – the OT Dozen, I’ll deep dive into each of these initiatives along with potential mappings to ISA/IEC 62443 standards requirements, NIST-CSF domains, and CSC Top 20.

If we were to choose anything else as the 13th initiative, it would likely be " IT & OT Ransomware Protection Program (RPP). " This would be your 13th warrior against the widespread threat landscape and while such a program would need to include most of the preparation elements above, it does need more to look into (e.g., the importance of backups and recovery) which will not be covered in this series and warrants its own post altogether.

A version of this article originally appeared on LinkedIn. The author will be first featuring the series on this platform and encourages everyone to follow along in the SecuringThings newsletter.

See Part 1 here. See Part 2 here. See Part 3 here. See Part 4 here.

Categories:

Muhammad Yousuf Faisal

M. Yousuf Faisal (EMBA, GICSP, ISO 27001 LA, CISSP, CISM, CISA) has more than two decades of industry experience in technology and cybersecurity, helping organization across multiple industry sectors worldwide, secure their digital transformation journey. As founder of “Securing Things," currently offering Cybersecurity Advisory and Consulting services, training and solutions, both IT & OT/ICS/IOT environments. He holds a B.E. Electrical and an Executive MBA degree.

Reach out or get in touch at [email protected] for any business needs, project support, discussions and or simply information sharing. Follow or connect with me for future posts, interest, simply discussions:

Advertisement

Trending Articles

Advertisement

Related Articles

View all Articles and News
Advertisement
Advertisement

International Society of Automation
PO Box 12277

Research Triangle Park, NC 27709

E-Mail: [email protected]

©2026 Automation.com, a subsidiary of the International Society of Automation.