- In the course of digitalization, commercial IT and shop-floor OT (Operational Technology) are becoming more strongly integrated.
- Shop-floor OT still contains numerous aged, proprietary Industrial Control Systems (ICS), which are now being joined by the latest ICS based on standard operating systems and middleware standards.
- Shop-floor OT systems are exposed to new threats from perimeterless security models and IIoT, as well as from integration into commercial IT and the cloud.
- CISOs concentrate on the global IT landscape, perimeter prevention and system integration, but often neglect security standards in individual systems.
Imagining IT Differently
- Central development of a self-assessment based on NIST SP 800-82; the NIST domains provided by SP 800-82 offer a stronger focus on the DO phase of the PDCA cycle for ICS.
- Self-assessment questions, which are based on NIST SP 800-82, are assigned to other security standards (COBIT 5, VDA, ISO 27001) to enable integration with other security systems.
- Preparation of communication packages with building blocks for the roll-out communication, an onboarding presentation and a “How-to” presentation for information security representatives; planning and execution of roll-outs.
- Automated analysis, so that local information security representatives can take the necessary measures directly.
- Assessment tested successfully in 8 large systems.
Future Made Possible
- Helping local information security representatives to identify the security gaps in their own plants.
- Enabling global CISOs to focus on synergies based on system results and to prioritize the hotspots with high risks.
- Enabling the set-up of a best-practice community, so that well-proven practices can be applied from one plant to another.
- Streamlining the on-site assessment.
- Initiating immediate actions that start the continuous improvement cycle on the shop floor.
- The evaluation will be gradually expanded to 150 plants worldwide.