Shifting regulatory requirements can cause significant challenges if not managed effectively. New cyber security standards (such as TSA for pipelines) try to apply IT-like cyber security into the OT realm. Many will argue this is not possible or practical, but the reality is that the trend is headed in this direction. Industrial organizations need to find ways to apply these IT-like security functions in a way that is safe and practical for OT while still satisfying the requirements

We have seen the challenges of addressing these more “prescriptive” cyber security requirements and understand how easy it is to become overwhelmed by the processes, complexity, and inefficiencies of this change. However, we remain confident and encouraged in managing cyber security regulations by the many organizations who successfully adapt and create efficient means to secure their environments and achieve effective compliance with regulatory requirements.

This session shares how to manage prescriptive and auditable regulations in OT environments based on 25+ years of experience. During this session you will gain:

  • Learnings from the NA power industry on how to improve cyber security while addressing regulatory prescriptions (as seen with NERC CIP)
  • An understanding of how to build a clear roadmap and programmatic approach with an end goal or state in mind
  • Create a “think global; act local” approach by automating endpoint actions without causing OT risk