ASIS International has published a new article in its Security Management magazine on mitigating threats to operational technology (OT) systems.
The article’s author, John Cusimano of Armexa, advises that companies identify realistic threat vectors, or attack pathways, in their critical systems. He explains: “For example, a supplier or vendor might come into the plant to troubleshoot a control system issue. They could accidentally introduce malware by connecting an infected laptop to the plant’s system, plugging an infected USB into a plant computer, or providing the site with a file that is, unknowingly, infected. Other threat vectors could be compromised software patches or antivirus updates that are installed in the control system environment.”
Mitigating controls may be simple—for example, prohibiting connecting USBs or laptops into control systems—but they can also require considerable effort, as modern IT and OT systems are complicated and intertwined, the article explains.
Learn more in the ASIS article: Best Practices for Minimizing OT Threats
ANSI Full Members may submit contributions to [email protected]. All submissions are published at ANSI's discretion, and generally must be a resource that is freely available and/or non-commercial information of significant value to the ANSI community.