Automation

The knowledge, skills, and abilities needed to understand the purpose and implement the function of cybersecurity in operational technology, including tools and systems.

Critical Work Functions

• 5.6.1 Differentiate between IT and OT architectures and the operation of these architectures

• 5.6.2 Manage Cybersecurity risk as it relates to IACS

• 5.6.3 Determine and implement the appropriate tools and methods for IACS Cybersecurity

• 5.6.4 Understand zones and conduits identification

• 5.6.5 Understand Security Level (SL) per zone

• 5.6.6 Professional development to stay current on threats and remediation methodologies

• 5.6.7 Incorporate new and emerging cybersecurity defense technologies and trends into proposed solutions

• 5.6.8 Reassess risk as automation systems evolve

• 5.6.9 General
• • Understand policies and procedures - IT and OT
  • Technologies –Security Lifecycle - assess, implement and maintain
  • People – training and motivation

• 5.6.10 Networks
• • Recognize the impact on OT systems of security hardware and software options such as encryption and intrusion detection
  • Explain guidance on separation of OT and IT system networks and components
  • Identify zones and conduits and implement controls

• 5.6.11 Operating systems
• • Describe how to manage patches to IT and OT operating systems
  • Recognize the implications of installed patches to IT and OT systems

• 5.6.12 Telecommunications
• • Describe the communications protocols used in OT architectures, with their relative pros and cons

• 5.6.13 Information assurance - The standards, procedures, and applications used to protect the confidentiality, integrity and availability of information and information systems
• • Identity management and authentication
  • Access control
  • System integrity
  • Data confidentiality
  • Restricted data flow
  • Timely response to events
  • Resource availability

• 5.6.14 Security Lifecycle – The overall business process for managing security of information and information systems
• • Understand that security management is a continuous process
  • Recognize the key elements which must be present in any security lifecycle: governance, identify, protect, respond and recover

• 5.6.15 Governance - The knowledge and skills, and abilities needed to successfully manage the process
• • Policies and procedures – defining what will be done and how
  • Oversight – ensuring the process is working

• 5.6.16 Identify – The knowledge and skills, and abilities needed to identify the assets to be managed
• • Differences between OT and IT systems - recognize the specialized system requirements of OT systems
  • Asset management
  • Risk management – the systems, tools, and concepts used to minimize the risk to an organization's cyberspace and prevent a cybersecurity incident
  • Computer defense - describe the impact of computer defense techniques and tools (such as penetration testing and vulnerability scanning) on IT and OT systems and know when to use such techniques or tools
  • Contracting and procurement - describe critical IT and OT procurement requirements
  • Enterprise strategies - explain the rationale of and adhere to IT and OT supply chain security/risk management policies, requirements, and procedures

• 5.6.17 Protect – The knowledge and skills, and abilities needed to develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services
• • Technologies and architectures – how to make systems secure (firewalls, DMZ, zones, conduits, VPNs)
  • Access Control – limiting access to systems (role based access and account management)
  • Awareness and training – making users aware
  • Data security – protecting valuable information
  • Maintenance – managing updates safely and securely – virus scanning, patch management
  • Outsourcing – safely outsourcing the entire technology environment (cloud computing, etc.), taking into account the limitations of outsourcing OT systems
  • Safe internet behavior – not accessing email or internet on OT system computers; not installing unauthorized software on OT system computers
  • Remote working - restrictions on accessing OT systems at home or outside the secure work areas of the business

• 5.6.18 Detect - The knowledge, skills, and abilities needed to identify threats or incidents
• • Intrusion detection tools
  • Network monitoring resources
  • Attack stages
  • Evasion strategies and techniques
  • Incident classification

• 5.6.19 Respond - The knowledge, skills, and abilities needed to respond to and remediate an incident, as well as restore functionality to the system or infrastructure
• • Response/business continuity planning/resilience
  • Analysis - investigate anomalies, perform forensics, classify the incident
  • Communications - understand roles and order of operations; report incidents consistently within established criteria; share information in accordance with plans; coordinate with stakeholders
  • Mitigation - contain and mitigate incidents

• 5.6.20 Recover – The knowledge, skills, and abilities needed to ensure timely restoration of systems or assets affected by cybersecurity events and adoption of lessons learned
• • Recovery planning – execute recover plan
  • Communications – manage public relations; repair reputation; communicate with stakeholders
  • Improvements – incorporate lessons learned into plans and update response strategies

• 5.6.21 Standards
• • ISO 27001 - International Information Security Management Guidance
  • Office of Homeland Security System and Physical Security Regulations (US only)
  • ISA/IEC 62443 - Security for Industrial Automation and Control Systems
  • NIST Cybersecurity Framework