Key Points:
- Ransomware attacks on OT/industrial control systems are growing in frequency and severity.
- Physical consequences of compromise on OT systems require engineering-grade protection.
Ransomware attacks on manufacturing and critical industrial infrastructures have become increasingly frequent and severe in recent years. In his book, “Engineering-grade OT Security: A Manager’s Guide,” industrial security expert Andrew Ginter explores the most common attacks on OT/industrial control systems and emphasizes the importance of implementing engineering-grade protection to avoid physical consequences.
Ginter highlights the difference between IT and OT networks, stating that while consequences on IT networks are usually business-related, OT consequences are often physical. This difference underscores the need for engineering-grade security measures, which go beyond traditional IT-grade approaches.
In the book, Ginter addresses the question of how much protection is enough for both IT and OT systems. He emphasizes that the answer lies in the consequences of compromise, which should drive decision-making processes. A new cyber risk model is proposed to determine appropriate levels of protection for different systems.
The author also discusses the different perspectives of cybersecurity practitioners and engineers when it comes to protecting OT systems. He explains that cybersecurity practitioners view OT system protection differently and highlights the importance of communication within organizations when making security decisions.
Overall, “Engineering-grade OT Security: A Manager’s Guide” aims to provide guidance on defining a protection plan for organizations by considering cyber, physical, and legal consequences. The book is suitable for cybersecurity and engineering experts, as well as non-technical readers interested in learning more about OT cybersecurity and security engineering.
As the threat of ransomware attacks on critical infrastructure continues to grow, the need for engineering-grade OT security measures becomes increasingly important. Ginter’s book offers valuable insights and practical advice for organizations looking to enhance their OT security.