(CS)2AI ONLINE: Enabling Frictionless User Access in OT/Critical Infrastructure
Wednesday, February 1st, 2023: 1:00 PM to 2:30 PM
Virtual
Whether it's due to increasing awareness or due to Board/Compliance requirements, most OT Security programs start with a preliminary risk assessment. One of the initial steps is to get a list of OT assets, which used to be a rudimentary spreadsheet exercise.
With the wide availability of passive OT asset discovery tools, many go down that path via a Proof of Concept to generate Asset Inventory. This talk focus on lessons learned from the trenches performing the proof of concepts and covers challenges including availability of infrastructure (span ports/tap, routing, bandwidth), archaic protocol implementations, organizational policies for network flows, risk appetite for active probing on low traffic networks, OT & IT personnel knowledge of each other's domains, and finally budgeting.
Hosted by Derek Harp From Miami Cyber Security for Control Systems