Skip to main content

OT/ICS Cybersecurity

Navigating the New Landscape of OT Cybersecurity in 2024: A 3-Part Guide for Operators (Part 3)


Part Three

In the rapidly evolving domain of Operational Technology (OT) cybersecurity, 2024 stands as a pivotal year. Two major developments are set to reshape the landscape for cybersecurity expectations: 

  • The Securities and Exchange Commission’s (SEC) cybersecurity reporting rule 

  • The release of NIST 800-82r3  

This article aims to provide OT operators with an understanding of these changes and practical recommendations for enhanced cybersecurity posture. 

In this three-part series, we are looking at the compelling regulations and standards that emerged in 2023 that will drive focus and changes throughout 2024 in how OT operators look at “enterprise risk”. 

The Imperative of Comprehensive Asset Visibility in OT Environments 

In Operational Technology, achieving comprehensive asset visibility is a foundational pillar for robust cybersecurity. The unique complexities of OT environments, characterized by a diverse array of legacy systems, proprietary protocols and specialized devices, present significant challenges to maintaining an exhaustive inventory of digital and physical assets. 

Challenges in Achieving Complete Asset Visibility:  

Heterogeneous Environments: OT systems often comprise a mix of old and new technologies, with legacy equipment that may not be inherently designed for connectivity or visibility. This makes it difficult to monitor and manage these assets effectively. 

Proprietary Protocols: Many OT devices operate using proprietary protocols, which can limit compatibility with traditional asset discovery tools (mostly designed for IT systems) and complicate the process of achieving full visibility. Hexagon’s PAS Cyber Integrity® is different as it was designed in OT for OT and supplies the broadest and deepest view of assets because of how we harvest the information. Unlike network packet capturing technology, we leverage the native backup functions of the industrial control system (ICS). This method provides a full and deep view into the physical device information. In addition, PAS Cyber Integrity captures the logic and functional configuration (or “brains”) of the ICS.   

Physical and Cyber Integration: The tight integration between physical processes and cyber systems in OT environments adds a layer of complexity, requiring visibility not just of digital assets but also of how they interact with physical components. As we leverage the configuration files to gather our data, PAS Cyber Integrity also provides operational details about assets, firmware and configurations that would otherwise take hours of research to uncover and compile.  

Scalability and Dynamism: OT environments can be vast and dynamic, with assets spread across multiple locations and subject to frequent changes (e.g. equipment upgrades, reconfigurations or expansions and challenging the upkeep of an accurate asset inventory). Hexagon’s PAS Cyber Integrity helps visualize the inter-relationships between assets, control loops and geographic or corporate divisional locations.  

Solution for Enhanced Asset Visibility 

Implement Advanced Asset Discovery Tools: Utilizing our advanced asset solution, which is specifically designed for OT environments, can help overcome the challenges posed by legacy systems and proprietary protocols. Our tools can provide deeper insights into the assets, identifying and cataloging components that might otherwise remain hidden. 

Integrate IT and OT Asset Management: Bridging the gap between IT and OT asset management practices will enhance overall visibility. This integration enables a unified view of assets across the organization, facilitating better coordination and management of cybersecurity measures. 

Adopt Continuous Discovery Practices: Given the dynamic nature of OT environments, continuous discovery and monitoring are essential. Implementing practices and tools that automatically detect changes in the asset inventory can ensure that the asset database remains up-to-date and reflective of the current operational landscape. 

Benefits of Improved Asset Visibility: 

Enhanced Cybersecurity Readiness: With comprehensive asset visibility, cybersecurity teams can more effectively identify vulnerabilities, assess risks and prioritize security measures. Knowing exactly what assets are present and how they are configured allows for tailored security policies and controls. 

Streamlined Incident Response: In the event of a cybersecurity incident, having detailed information about the affected assets can significantly expedite the response process. Identifying compromised devices quickly and their roles within the OT environment enables more targeted and efficient mitigation efforts. As previously mentioned, Hexagon PAS Cyber Integrity harvests the configuration files of OT assets to gather situational awareness. This being said, our tool becomes by default, a Configuration Management Database (CMDB) for OT assets. We become a repository of “last known good” configurations to greatly reduce the Mean Time to Restore (MTTR). 

Informed Risk Management: Asset visibility lays the groundwork for informed risk management decisions. Understanding the criticality and connectivity of assets helps in assessing their potential impact on operational continuity and safety, guiding risk mitigation strategies and investment priorities. 

Regulatory Compliance and Reporting: Many regulatory frameworks (including the ones discussed here) require comprehensive asset inventories as part of achieving compliance obligations. Enhanced asset visibility supports compliance efforts and simplifies reporting, providing a clear audit trail of assets and their security postures. 

Achieving comprehensive asset visibility in OT environments is not without its challenges, but the benefits it brings to cybersecurity readiness, operational resilience and efficiency are undeniable. By implementing our solution, OT operators can significantly enhance their defense against the evolving cyber threat landscape.  

As we navigate the evolving landscape of Operational Technology cybersecurity in 2024, the introduction of the SEC’s cybersecurity reporting rule and the release of NIST 800-82r3 represent pivotal developments that underscore the critical need for enhanced cybersecurity measures within OT environments. These compelling drivers highlight the importance of transparency in cybersecurity practices, the adoption of standardized security frameworks and the imperative of maintaining comprehensive asset visibility to safeguard critical infrastructure. 

The Key Take-aways for OT Operators From These Events: 

The SEC’s cybersecurity reporting rule mandates increased transparency from OT operators, requiring them to disclose cybersecurity risks and incidents that could impact investors. This rule emphasizes the need for robust cybersecurity frameworks, incident response strategies and continuous compliance efforts to protect not only operational integrity, but also investor interests and market stability. 

The release of NIST 800-82r3 provides updated and specialized guidance for securing OT systems, addressing the unique challenges posed by the integration of IT and OT, emerging technologies and the sophisticated cyber threat landscape. Adoption of these guidelines is essential for enhancing security measures and ensuring the resilience of OT environments against cyber threats. 

Comprehensive asset visibility remains a cornerstone for effective OT cybersecurity, enabling operators to identify vulnerabilities, manage risks and respond to incidents more efficiently. Achieving this visibility requires the implementation of advanced asset management tools, integration of IT and OT asset management practices and the adoption of continuous monitoring strategies. 

Action Items for OT Operators: 

Review and Update Cybersecurity Policies: Considering the SEC's rule and NIST 800-82r3, OT operators should conduct thorough reviews of their current cybersecurity policies, procedures and cybersecurity tool efficacy, ensuring they align with the latest regulatory requirements and necessary practices. 

Enhance Incident Response and Reporting Mechanisms: Develop and refine incident response plans to ensure rapid and effective action in the face of cybersecurity incidents. Enhance reporting mechanisms to meet the SEC's disclosure requirements, maintaining transparency with investors and regulatory bodies. 

Implement Advanced Asset Discovery and Management Solutions: Invest in state-of-the-art asset discovery and management tools tailored specifically for OT environments to gain deep visibility into all assets, facilitating better security and risk management. 

Foster a Culture of Cybersecurity and Awareness: Continuously educate and train personnel on cybersecurity best practices, the significance of asset visibility and the implications of new regulations. This ensures that cybersecurity remains a shared responsibility across the organization. Examine business practices to ensure security is maintained throughout the processes by design. 

Engage with Industry and Regulatory Bodies: Stay informed about evolving cybersecurity trends, regulatory updates and best practices by actively participating in industry forums, workshops and collaborations with regulatory bodies. 

The year 2024 marks a watershed moment for OT cybersecurity, driven by regulatory changes and the need for enhanced security frameworks. For OT operators, these developments are not merely regulatory hurdles but opportunities to reassess, strengthen and future-proof their cybersecurity postures. By embracing transparency, adhering to standardized guidelines and ensuring comprehensive asset visibility, OT operators can protect critical infrastructure, foster investor confidence and contribute to the overall resilience and security of our digital society. 

More Content in this series: 

About the Author

Edward Liebig is the Global Director Cyber Ecosystem in Hexagon’s Asset Lifecycle Intelligence division. His career spans over four decades, with over 30 of those years focused on cybersecurity. He has led as Chief Information Security Officer and cybersecurity captain for several multinational companies. He's also led Professional and Managed Security Services for the US critical infrastructure sector for two Global System Integrators. With this unique perspective Edward leads the Cybersecurity Alliances for Hexagon PAS Cyber Integrity. In this role he leverages his diverse experience to forge partnerships with service providers and technologies that drive collective strengths to best address our client’s security needs. Mr. Liebig is an adjunct professor at Washington University in St. Louis and teaches as part of the Master of Cybersecurity Management degree program.

Profile Photo of Edward Liebig