Even though many IT technologies, such as intrusion detection, are making big strides into OT, aeSolutions’ Cusimano adds it’s important people remember that OT networks have different operational requirements, and that these tools need to be “tuned” to their environment for maximum benefit. “For example, to help users get the most value from their ICS detection investments, we visit a site, make sure the system is properly installed, monitor its traffic and performance, and build dashboards and displays,” explains Cusimano. “Users often recognize they’re not getting the performance and value they expect, so aeSolutions can help them ‘operationalize’ their investment by, for example, making sure that alerts make sense to the operators.”
To help users gain awareness, Cusimano reports aeSolutions recently partnered with the SANS Institute to offer a one-day class, "ICS cybersecurity for managers," which is based on application of the NIST Cybersecurity Framework and the ISA/IEC 62443 standards. It's taught by Cusimano and Paul Rostick, CISO and industrial cybersecurity advisor at aeSolutions, who present a Top 20 list of critical cybersecurity controls for ICS and teach attendees how to develop their own cybersecurity program and make it part of their organizational culture.