Ce diaporama a bien été signalé.
Le téléchargement de votre SlideShare est en cours. ×

End-to-End OT SecOps Transforming from Good to Great

Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Publicité
Chargement dans…3
×

Consultez-les par la suite

1 sur 11 Publicité

End-to-End OT SecOps Transforming from Good to Great

Télécharger pour lire hors ligne

Building and growing an OT SecOps program takes vision, buy-in and budget. This track explores how to take your program to the next level. The discussions are intended to spark conversation and this guide highlights key takeaways on what works, what doesn’t and what’s next. https://accntu.re/3tz7wGY

Building and growing an OT SecOps program takes vision, buy-in and budget. This track explores how to take your program to the next level. The discussions are intended to spark conversation and this guide highlights key takeaways on what works, what doesn’t and what’s next. https://accntu.re/3tz7wGY

Publicité
Publicité

Plus De Contenu Connexe

Diaporamas pour vous (20)

Similaire à End-to-End OT SecOps Transforming from Good to Great (20)

Publicité

Plus par accenture (20)

Plus récents (20)

Publicité

End-to-End OT SecOps Transforming from Good to Great

  1. 1. Transforming From Good to Great End-to-End OT SecOps
  2. 2. Jim Guinn, II Accenture Senior Managing Director LinkedIn: @Jim Guinn, II | Twitter: @jimmy_guinn Our improvement journeys are all different, but our end goal is the same – achieve operational integrity and cyber resilience. We are honored to have so many senior leaders and cybersecurity OT experts involved with this summit, sharing their experiences and insights to help others achieve the goal. The outpouring of support for this event has been amazing. It demonstrates how important knowledge sharing and community involvement are to moving the needle on industrial cybersecurity. What follows are key takeaways from each session. Bold statements from OT cybersecurity practitioners based on real-world experience advancing programs and tackling the same challenges facing your organization. We all know a lot can go wrong in an OT environment, which can impact health, safety and the environment. The last year has highlighted just how vulnerable our critical infrastructure is to cyber threats. And there's absolutely no question that if any of these attacks are successful, HSE issues can ensue. Cybersecurity can no longer be an afterthought. It must be top of mind, always. As you read through this document and listen to the replays, think about your upcoming projects and operational objectives and consider reframing your discussions to incorporate security. For example: “As we adopt 5G to gain extra bandwidth, how do we do that securely?” “We are planning to increase production securely.” “We need to enhance our operations securely with the use of robotics.” If we just embed the word security in everything we talk about and in everything we do, it then comes to the forefront of our minds. Review this guide. Share the on-demand content. And reach out if you have questions or just need a sounding board. My team is ready to collaborate to advance your program for whatever is next. Cheers, “There’s absolutely no question that if any of these attacks are successful, HSE issues can ensue. Cybersecurity can no longer be an afterthought. It must be top of mind, always.” Jim Guinn, II Copyright © 2022 Accenture. All rights reserved. 2 Watch the summit > Introduction
  3. 3. Session Overview The Cybersecurity Imperative: Why embrace it? Transforming from good to great Building and growing an OT SecOps program takes vision, buy-in and budget. This track explores how to take your program to the next level. The discussions are intended to spark conversation and this guide highlights key takeaways on what works, what doesn’t and what’s next. The agenda covers: • starting strategically (where and what) • harnessing innovation (tools and tech) • pacing progress (expectations and comms) • winning over stakeholders (and budget) • reporting what matters (scope and scale) Cybersecurity as a public-private team sport Why automation is the future of OT security How to survive transformation day 2 Win hearts, minds and funding for your projects End-to-end cyber risk management Automation—In promise, in practice Opening Keynote Operation: Next ‘22 Fundamentals & Structure Innovation & Technology Case Study Project Execution Investment & Risk Closing Keynote End-to-End OT SecOps
  4. 4. It’s impossible to have every angle nuanced… Get your four to six critical assets, critical processes really understood and quantify the financial risk.” Bob Dudley “ Muqsit Ashraf Accenture Bob Dudley Former CEO, BP Speakers The Cybersecurity Imperative: Why embrace it? Breaches continue to climb despite billions invested in cybersecurity. Are companies investing in the right security priorities? Bob Dudley provides his thoughts on why it has taken so long for executives to wake up to the challenges and what is needed to make cybersecurity a strategic priority for executives and the board. Key takeaways: • For a long time, cybersecurity was viewed as a technical problem, rather than seen as an operational risk and business continuity concern. • Priorities are changing as breach implications become more significant, including emerging case law that holds boards and executives accountable. Opening Keynote • Boards need to understand the problem, the language and the financial implications to a company. Time to move away from showing the board basic activity dashboards and begin reviewing the critical assets and business processes that are most vulnerable and quantify that risk. • Big wake-up call was when Accenture was able within a few weeks to take over BP’s oil refinery control systems. Immediately created a world-wide task force to update our asset security program. It took time and significant culture change to implement. • Crisis Management exercises helped our executive teams understand the communications process was far more complicated than they expected. Copyright © 2022 Accenture. All rights reserved. 4 Watch the full session on-demand >
  5. 5. “ Rick Driggers Accenture Angela Haun ONG-ISAC Speakers This is just too complex of an issue and dynamic and changing to go it alone. You can’t know everything, but you can benefit from what others know.” Angela Haun Cybersecurity as a public-private team sport It’s no secret that public-private partnerships are complex and can be hard to manage, but with a few changes and stronger involvement they can be incredibly valuable to companies seeking to improve their cyber resilience. • There are many different partnership models available. Companies need to determine what models works for them and get involved. • Information sharing, such as indicators of compromise, and dispersing vulnerability patches are scalable prevention strategies that public-private partnerships can support. • Govt. and other partners can help make prevention measures that require greater resources, such as tabletop exercises, more accessible for those with limited resources. Fundamentals & Structure • DOE and DHS are conducting national exercises to provide guidance and assistance to companies. • Greater investment in the 27 existing ISACs and access to more intel is needed to help members improve resilience. • To assist SMBs, govt. needs to make it less confusing about where to go for cybersecurity guidance. • It behooves large companies to share threat intel and offer guidance to SMBs in their supply chain. • To improve information sharing, the process needs to be easy, simple and worth the effort. This can include removing blame and retributions for being a victim, which causes many companies to stay quiet about incidents. Copyright © 2022 Accenture. All rights reserved. 5 Watch the full session on-demand >
  6. 6. Involve the engineers. When they have a real sense of ownership of the problems and solutions, then you’re definitely going to get better adoption.” Russell Richardson “ Byron Chaney Accenture Jason Holcomb Accenture Trevor Houck Accenture Russell Richardson Duke Energy Speakers Why automation is the future of OT security Are OT environments ready for SOAR? Experienced panelists discuss the opportunities security automation brings to OT asset inventory, SOC operations and threat response, and how to counter challenges from OT engineers. Challenges • Attitudes toward cybersecurity is the biggest issue. Engineers are skeptical, concerned and protective of their systems. Educating, listening and building trust is the path to adoption. • Build a test lab to replicate systems and demonstrate that your tools will not break their assets. Then move to a pilot at a small location, building up to larger ones. • Start with passive activities (log collection) to gain acceptance, then move to active measures (queuing devices). • Introduce engineers to some form of cyber informed engineering to help drive them to more secure design. Innovation & Technology Automation in OT Asset Inventory • With thousands, even millions of assets, complete visibility is a significant challenge. Gathering details can be a significant effort. Once compiled, SOAR tools can be used to enrich that inventory data. • Automation can take a vulnerability notice and immediately search the inventory and identify vulnerable assets replacing a manual effort. Automation in SOC Operations & Threat Response • Can correlate security alert data from a passive OMS network sensor with an existing data feed. • SOAR tools include thousands of built-in IT integrations. Python scripts can be written to integrate OT devices. • Tools include human-in-the-loop functions that ensure no action is taken without human approval. These can be set as simple or complex as you need them to be, based on your IR playbooks. Copyright © 2022 Accenture. All rights reserved. 6 Watch the full session on-demand >
  7. 7. “The CISO is only a facilitator, an enabler [for digitalization efforts]. Ultimately, it’s the business/risk owner who must make the decision and has to set the risk at the right level.” Rosa Kariger Ruud Gal DSM Rosa Kariger Iberdrola Samuel Linares Accenture Speakers How to survive transformation day 2 Companies have achieved some level of digital transformation, now many are reflecting on the real outcomes of their efforts and asking, “what’s next?” Two seasoned security leaders provide their insights: • Mature companies that focused on the technical side of security now need to get the business more involved. • When dealing with digitization of existing assets/programs, it’s important to assign clear roles and responsibility for risk within the business lines. They need to take the lead to ensure security measures are embedded in their projects. • Need to make business lines aware of cyber risk by explaining it in their language – security is ultimately part of protecting their assets. Business directors should be able to communicate risk directly to leadership and explain the cybersecurity measures in place. Case Study • In addition to defining technology and standard architectures, spend time on change management, update governance models and invest in training. • To get board approval for investments, provide risk- based plans with options for execution, along with performance details on prior projects (demonstrate your success). Future Challenges/Needs • Digitalization in operations will drive the company’s agenda. Makes sure your strategy has cybersecurity embedded into every aspect of your business. • Security will become more complicated as the ecosystem grows more complex. • OT/IT convergence is happening and the OT environment will move to the cloud. • More important to understand and account for 3rd party risk. Your future infrastructure must be in line and ready to work with external parties. • Work towards stronger collaboration and information sharing with other companies. Copyright © 2022 Accenture. All rights reserved. 7 Watch the full session on-demand >
  8. 8. It’s important to have your facts grounded, but many people are influenced emotionally and at the same time…it’s about having enough credibility.” Michael High “ Andy Bochman Idaho National Laboratory Michael High Shell Laura Schepis JEA Speakers Win hearts, minds and funding for your projects Expert panel offers advice on how to get buy-in for cybersecurity projects and role plays two request scenarios using different approaches. The IT/OT convergence conversation can be painful, but worth it. Making change requires both EQ and IQ. There are different ways to persuade. Pathos, Logos, and Ethos are three strategies commonly employed. Pathos persuades using emotion. • Align project benefits to a positive impact on people. • Use analogies to make an idea or issue relatable. • Acknowledge what issue you might encounter and directly ask for involvement to resolve. Project Execution Logos persuades using reasoning or logic. • Present absolute risks versus relative risks. • Identify what you have and how it limits you or makes you vulnerable but avoid heavy technical detail. • If peers have invested in similar technology, share how they are benefiting. • Discuss the maturity of the program and if there are limitations, how will they be resolved. • The use of a pilot can be a great incentive to get buy-in, as long as you don’t have a poor pilot track record. Ethos conveys credibility and authority. • When it comes to getting funding, having a successful pilot or implementation you can point to and having enthusiastic users wins the day when it comes to convincing stakeholders. Copyright © 2022 Accenture. All rights reserved. 8 Watch the full session on-demand >
  9. 9. “Cybersecurity is not an individual sport, it’s a team sport, and we need to push for more collaboration, information sharing and having an ecosystem attitude toward cyber.” Felipe Beato Felipe Beato World Economic Forum Brent Hambly Accenture Jesus Sanchez Naturgy Speakers End-to-end cyber risk management Diverse panel discusses industry trends and key elements to improving cyber risk management and resilience. Trends • World Economic Forum cybersecurity trends report shows there is a significant gap between business leaders and cyber leaders on where they think their cyber efforts are. • See a rise in cybersecurity as a business priority. • Emerging new tech, such as AI and automation, will help transform cybersecurity, as well as amplify business models. • Some variation in the cyber resilience definition across industries and countries – a global taxonomy is needed. Collaboration • More collaboration between businesses, organizations and providers is needed. Information sharing can help inform strategies and improve preparedness. Investment & Risk Risk Management • Naturgy’s process included creating a risk manager role, conducting a risk evaluation and business impact analysis to prioritize assets, establishing regular risk remediation meetings, and implementing KPIs to measure performance. • Business lines should lead their cybersecurity plans and the risk process. Resilience • Resilience should extend to your supply chain. • Having sufficient cybersecurity talent is another critical piece to achieving resilience. • Cybersecurity should be enmeshed throughout the organization – it should be seen as part of the business. Engaging the Board • Be proactive and transparent with your board about cyber risks to the company and the strategy in place. Don’t wait to engage until there is an incident. • Showcase how your investments performed during an incident and share your KPIs. • Don’t limit your updates to the board. Share details with your business line leaders to keep them involved and invested. Copyright © 2022 Accenture. All rights reserved. 9 Watch the full session on-demand >
  10. 10. Automation — In promise, in practice “We want to use automation where we can and then have humans involved where they need to be.” Paul Scharre Gabby D’Adamo Accenture Jim Guinn, II Accenture Paul Scharre Center for a New American Security Speakers There’s no question that automation already plays a significant role in IT and OT system cybersecurity. As the threat landscape continues to grow, what role could/should automation play in OT security management? Advantages of automation • Helps systems be more efficient, more effective and safer. • Reduces tendency for human error. • Propagates system updates helping improve security. • Works well for repeatable, predictable processes. Closing Keynote Risks of automation • Takes humans out of the process removing them from potentially catching mistakes and issues. • Increases potential risk if a hacker infiltrates a system. • Can’t build automated systems to work in situations we can’t predict. Going forward • Automation adoption needs to be a risk-informed decision. • Start by looking for manual processes you can automate that will free up humans to focus on critical thinking problems. • Humans will still play a role – they need to know what automation is capable of and when to step in. Copyright © 2022 Accenture. All rights reserved. 10 Watch the full session on-demand >
  11. 11. Ready to step into next? Visit our website for expert insights on OT cybersecurity Discover more resources > Leverage our test facility > Engage our OT cyber team > Learn about our purpose- built OT Cyber Fusion Center Partner with us to advance your OT security program Take a virtual tour > Contact our team >

×