10 Tips for Building a Solid Cybersecurity Strategy

March 13, 2012
Ernst & Young's advice on how to keep your industrial control system safe.
  1. Co-develop and implement an Industrial Control System (ICS) cybersecurity program that focuses on identified risks -- not just regulatory compliance.
  2. Build a cross-functional cybersecurity team to develop and manage the cybersecurity program.
  3. Create and maintain an OT-environment asset inventory.
  4. Develop security policies and standards specific to ICS devices and IT systems connected to the OT environment.
  5. Understand and validate all connection points between the IT and OT environments.
  6. Use predictive threat modeling driven by the OT-environment asset inventory to identify and assess threats and vulnerabilities.
  7. Apply controls or countermeasures to complicate an attacker's ability to achieve their objectives, detect their activity and effectively respond to discovered attacks.
  8. Perform production-system and network security reviews of the OT environment, including penetration tests.
  9. Consider ICS security requirements in the vendor-management process.
  10. Develop and implement training and awareness programs that link safety and availability with good cybersecurity practices.


Source: "Insights in IT Risks" Technical Briefing, Ernst & Young, Jan. 2012

About the Author

Travis M. Hessman | Editor-in-Chief

Travis Hessman is the editor-in-chief and senior content director for IndustryWeek and New Equipment Digest. He began his career as an intern at IndustryWeek in 2001 and later served as IW's technology and innovation editor. Today, he combines his experience as an educator, a writer, and a journalist to help address some of the most significant challenges in the manufacturing industry, with a particular focus on leadership, training, and the technologies of smart manufacturing.

Sponsored Recommendations

Voice your opinion!

To join the conversation, and become an exclusive member of IndustryWeek, create an account today!