Cybersecurity Operational Technology Program Development

Challenge

A large electric and gas utility initiated an enterprise cybersecurity IT-OT program to address the increasing threat of cyber attacks against operational technology (OT) found in the operating environment. The utility and its consulting partner had been working to pilot an OT asset identification and monitoring tool in multiple business areas with a three-year plan to implement advanced cybersecurity tools that would support intrusion detection and protection, endpoint protection, response and recovery, and OT monitoring. The enterprise program was getting ready to transfer the operations and maintenance of some of these tools to the business units; however, the business units were unaware of the rationale for these cybersecurity tools and the risks these tools mitigated for their operational assets.

Process

• Served as a functional advocate for the business units to challenge the operational direction of the project and the overall value of the OT monitoring tool​
• Identified the specific assets and systems that best fit the new OT monitoring tool and developed strategies for how to improve data quality for assets that were not easily detected​
• Conducted a series of workshops with the enterprise program team and the business units to 1) understand how the tools would impact current processes, 2) agree on who the owners of alarms and threat analysis would be, and 3) who within the business units would manage, respond, and take recovery actions​
• Developed future state roles and responsibilities between the business unit and the enterprise OT security operations center​
• Identified impacts of new roles and responsibilities in updated or new operational procedure guidance