Cybersecurity Operational Technology Program Development

At a Glance

Challenge

A large electric and gas utility’s enterprise IT cybersecurity group initiated the IT-OT program to address the increasing threat of cyber attacks against OT found in the operating environment. The utility and its consulting partner had been working to pilot an OT asset identification and monitoring tool in multiple business areas with a three-year plan to implement additional tools to support intrusion detection and protection, endpoint protection, response and recovery, and OT monitoring. The enterprise program was getting ready to transfer the operations and maintenance of some of these tools to the business units; however, the business units were unaware of the rationale for these tools and the risks these tools mitigated for their operational assets.​

Process

• Served as a functional advocate for the business units to challenge the operational direction of the project and overall value of the OT monitoring tool​
• Identified the specific assets and systems that best fit the new OT monitoring tool and developed strategies for how to improve data quality for assets which were not easily detected​
• Conducted a series of workshops with the program team and the business units to 1) understand how the tools would impact current processes, 2) agree who the owners of alarms and threat analysis would be, and 3) who within the business units would manage respond and recovery actions​
• Developed future state roles and responsibilities between the business unit and enterprise OT security operations center​
• Identified impacts of new roles and responsibilities into updated or new operational procedure guidance