Like other computerized systems, the assets that make up your controls systems are vulnerable to a variety of cyber threats. Since the threat actors looking to target your OT assets are constantly refining their processes and searching for weaknesses across your control system landscape, your OT cybersecurity policies need to be evolutionary. Yet, no matter how much your organization prioritizes OT cybersecurity, there will always be resource limitations, especially when it comes to budget. 

In this paper, we highlight how you can use best practices from the National Institute of Standards and Technology (NIST) five-element Cybersecurity Framework to assess and manage potential cybersecurity threats by implementing the following six low- or no-cost activities:

• Using available tools for asset identification

• Prioritizing cybersecurity efforts using a risk-based approach

• Providing integrators and OEMs with a common infrastructure

• Including cybersecurity measures in all new systems

• Reducing vulnerabilities with a defined system owner and systematic processes

• Coordinating cybersecurity efforts with existing improvement projects