How to Gain Operational Excellence Safely and Securely

First Decision: Who owns industrial security?

People and organizations are key elements to successful security

Security is a function of people, process, and tools—with people being the first and most critical element. In the area of industrial systems, there is an evolving and critical question regarding ownership and responsibilities.

Who owns security?

What organization is taking the lead on industrial security?

IT: 44%, OT: 14%, ICS security leadership (evenly shared between IT and OT): 35%, Another team: 7%

According to the 2019 ICS Security Report Survey from Dimensional Research, we can see that of the organizations that have both IT and OT teams, IT seems to be taking the lead on ICS security responsibility.

So, before you consider the first phase, you must first initiate a conversation regarding who owns what: capital budget, operations budget, who specifies the practices, who makes it happen. These are all key areas to investigate.

“Do not underestimate that your biggest challenge with integrating [will be] changing the mindset of both IT/OT to think like each other and leverage each other’s expertise.”

—SANS 2019 OT/ICS
Cybersecurity Survey