The need to address OT (operational technology) cyber risk has never been greater. New threats emerge every day, both targeted attacks on industrial systems and untargeted malware whose collateral damage reaches them.

OT challenges in risk identification and remediation:

  • Legacy systems that cannot be updated to address known vulnerabilities without significant capital expenditure to replace an entire control system
  • Critical systems that cannot be patched (patching requires a reboot) for operational risk or performance reasons, or because regulatory change-management rules make it impractical
  • A wide range of endpoints (PLCs, drives, controllers) that cannot be safely probed with traditional active vulnerability scanners, which can disrupt or crash fragile devices

While these challenges are real, we do not need to accept the conventional wisdom that all we can do is count assets and watch for threats through anomaly detection. The real problem is the lack of clear visibility into the holistic risk picture of each endpoint, and of a way to reduce and remediate those risks in the most cost-effective order. What is needed is a true risk-based endpoint protection plan.

Many point to the fact that OT environments lack an accurate asset inventory. That is true, but the challenge runs deeper than knowing which PLCs, drives or controllers are on the network. A true risk perspective requires the depth of information, and the ability to act on it, that has become commonplace in IT service management (ITSM) programs.

ITSM best practices to leverage for OT risk management:

  • Full, accurate and up-to-date software inventories
  • Accurate patch status: not just the patches the OEM vendor has approved or the OS version the device runs, but full visibility into every available patch across all application software on the endpoint
  • Current anti-virus signature status or application whitelisting status
  • Whether the device has a recent backup and whether that backup succeeded
  • Strength of the firewall configuration that is supposed to be protecting the asset from the network
  • User and account status: shared passwords or accounts, dormant accounts, and so on
  • Asset criticality, both to the operational process and to network communications
  • Efficient tools to harden assets or network architecture without putting operations at risk

We have seen several companies successfully take a true endpoint risk management approach to their cyber defense efforts. This approach provides an OT-specific way of conducting ITSM (what we call OTSM, or OT Systems Management) and gives greater defense in depth than relying on monitoring or detection as the only line of defense.

5 steps for successful OT endpoint risk management:

  1. Gather deep, vendor-agnostic endpoint visibility: complete software inventories; full patch status for all application software as well as the OS; detailed and regularly refreshed configuration settings, passwords and user accounts; the status of defensive tools such as anti-virus and whitelisting; network configuration rules and settings that describe the network defenses; and asset criticality based on both process and network role
  2. Create risk scores from this data to identify which assets are most critical and most exposed
  3. Build remediation plans, asset by asset, based on the feasibility of each approach: configuration hardening, patching, network protection hardening, locking down endpoint protection elements, and so on
  4. Use tools to automate this process so that OT technicians in the plant can manage these devices efficiently
  5. Establish OTSM guidelines and procedures that are OT-specific but provide the same functions as their IT counterparts

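To make steps 1 to 3 concrete, here is an added example that turns an inventory record into weighted findings, a risk score and a feasibility-ordered remediation plan. It is illustrative code written for this article, not Verve's scoring model: the `Endpoint` fields, the point weights (chosen so one endpoint's exposure sums to at most 100), the criticality factor and the feasibility ranks are all assumptions, and the three inventory records are constructed samples. It also encodes a caveat practitioners care about: anti-virus and whitelisting findings are skipped for embedded devices such as PLCs, and patching is only proposed for assets that actually have a reboot window, otherwise compensating controls are proposed instead.

```python
"""Risk scoring and remediation planning over an OT endpoint inventory.
Added example for this article, not Verve's model; weights and ranks are assumptions."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Endpoint:
    name: str
    asset_type: str
    process_criticality: int          # 1 (low) .. 5 (production/safety critical), assumed scale
    network_criticality: int          # 1 .. 5, how many other assets depend on its communications
    embedded: bool                    # PLC/drive with no host OS: AV and whitelisting do not apply
    missing_patches: int              # OS, application or firmware updates not yet applied
    oldest_missing_patch_days: int
    av_signature_age_days: Optional[int]   # None = no anti-virus installed
    whitelisting_enabled: bool
    last_backup_days: Optional[int]        # None = never backed up
    backup_succeeded: bool
    shared_accounts: int
    dormant_accounts: int
    firewall_restricted: bool         # an upstream firewall limits traffic to this asset
    patchable: bool                   # a reboot window exists, operationally and under change control


@dataclass
class Finding:
    label: str
    points: int      # exposure contribution (assumed weights, max total 100)
    rank: int        # feasibility: 0 = no change on the endpoint .. 3 = needs a reboot window
    action: str


def findings(e: Endpoint) -> list[Finding]:
    """Turn one inventory record into weighted findings, each paired with a remediation."""
    out: list[Finding] = []
    if e.missing_patches:
        if e.patchable:
            rank, action = 3, "apply patches in the next maintenance window"
        else:
            rank, action = 2, "not patchable: compensate with firewall rules and whitelisting"
        out.append(Finding(f"{e.missing_patches} missing patches", min(25, 5 * e.missing_patches), rank, action))
        if e.oldest_missing_patch_days > 365:
            out.append(Finding("oldest missing patch older than one year", 5, rank, action))
    if not e.embedded:  # host-based controls only make sense on a host OS
        if e.av_signature_age_days is None:
            out.append(Finding("no anti-virus installed", 15, 2, "deploy AV or enforce application whitelisting"))
        elif e.av_signature_age_days > 30:
            out.append(Finding("AV signatures older than 30 days", 10, 1, "push a signature update"))
        if not e.whitelisting_enabled:
            out.append(Finding("application whitelisting disabled", 10, 2, "enable whitelisting in audit mode, then enforce"))
    if e.last_backup_days is None or not e.backup_succeeded:
        out.append(Finding("no successful backup", 15, 1, "take and verify a backup before any other change"))
    elif e.last_backup_days > 30:
        out.append(Finding("last backup older than 30 days", 5, 1, "schedule recurring backups"))
    if e.shared_accounts:
        out.append(Finding(f"{e.shared_accounts} shared accounts", 10, 1, "issue individual accounts and rotate the shared credentials"))
    if e.dormant_accounts:
        out.append(Finding(f"{e.dormant_accounts} dormant accounts", 5, 0, "disable dormant accounts"))
    if not e.firewall_restricted:
        out.append(Finding("no restrictive upstream firewall rules", 15, 0, "restrict inbound traffic to required protocols and sources"))
    return out


def exposure(e: Endpoint) -> int:
    return sum(f.points for f in findings(e))


def criticality(e: Endpoint) -> float:
    return (e.process_criticality + e.network_criticality) / 10  # 0.2 .. 1.0


def risk_score(e: Endpoint) -> float:
    """Exposure scaled by criticality: the same findings matter more on a critical asset."""
    return round(exposure(e) * criticality(e), 1)


def remediation_plan(e: Endpoint) -> list[str]:
    """Actions ordered by feasibility first, then by the exposure they remove; duplicates merged."""
    plan: list[str] = []
    for f in sorted(findings(e), key=lambda f: (f.rank, -f.points)):
        if f.action not in plan:
            plan.append(f.action)
    return plan


def prioritize(inventory: list[Endpoint]) -> list[tuple[str, float]]:
    return sorted(((e.name, risk_score(e)) for e in inventory), key=lambda t: -t[1])


# Constructed sample inventory; these are not real assets.
INVENTORY = [
    Endpoint("HMI-01", "Windows HMI", 5, 4, False, 6, 800, 45, False, 10, True, 2, 3, False, False),
    Endpoint("ENG-WS-02", "engineering workstation", 3, 5, False, 2, 90, 3, True, None, False, 0, 1, True, True),
    Endpoint("PLC-07", "PLC", 5, 3, True, 1, 400, None, False, 5, True, 1, 0, True, False),
]

if __name__ == "__main__":
    for name, score in prioritize(INVENTORY):
        print(f"{name}: risk {score}")
    for e in INVENTORY:
        print(e.name, "->", remediation_plan(e))
```

Run as-is, the unpatchable HMI scores highest and its plan starts with upstream firewall rules and account cleanup, the two actions that touch nothing on the endpoint, while patching appears only in the engineering workstation's plan because it is the one asset with a reboot window. The weights are a starting point to tune against your own process criticality, not a standard.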
For the companies that adopted it, this approach has led to significant, rapid and measurable improvements in OT cybersecurity maturity, whether scored against NIST CSF, the CIS Controls (CSC 20), IEC 62443 or other standards.
