Delivering OT Security from Legislation to Harmonized Daily Business at Industrial Sites

  • Added 29. 08. 2024
  • SANS ICS Security Summit 2023
    Speaker: Bernhard Reiter, OT Security Officer, OMV
    This talk outlines the journey of a European integrated oil & gas corporation in implementing a holistic approach to deliver OT security from European Union-wide legislation (NIS) to harmonized daily business at industrial sites, where process safety is the first priority. The speaker, as the OT Security Officer at a refinery site in Germany, will present the steps taken to establish the OT Security Management System (OSMS) and the investment program (OT Security Roadmap) to cover all cyber security aspects at the site. The key approach was to customize a tool, "OTwin", to fit the needs of the OSMS, using an interdisciplinary team of technical authority, software developers, administrators, and peers from HSSE, operations and maintenance. The talk will present the sequence of realized use cases, including Risk Management, Asset & Lifecycle Management, Patch & Vulnerability Management, Qualification Management, and an interface to Network Security Monitoring tools. The talk is addressed to other operators and technical authorities, as well as managers, vendors, integrators, and consultants, to show how sustainable OT security can be implemented. Key takeaways include: the implementation of an OT Security Roadmap as part of process safety, the success of a structured investment program, a federal system of security standards, customization of a tool towards the OSMS, the importance of integrated small teams in customization, resilience through installation and operation of the tool at major sites, and IT/OT convergence in light of the above-mentioned actions.
    View upcoming Summits: www.sans.org/u/DuS
