Targeted Ransomware Requires Modern Approaches to OT Cyber Risk Management
Targeted ransomware has emerged as a major threat to industrial operations / OT systems. The Colonial Pipeline and JBS shutdowns are only the latest. The trend is likely to worsen - today's targeted attacks use tools and techniques comparable to those used exclusively by nation states only a half decade ago.
Some enterprise security mechanisms are very costly to apply in OT systems because of extended safety, equipment protection and other risk management programs. We see emerging risk avoidance mechanisms which are unique to the OT space, but are under-utilized by enterprise risk management and security practitioners.
This presentation highlights three modern cyber risk management strategies and examines their effectiveness against targeted ransomware with particular attention on the operations risk. The presentation will outline a simple and robust approach to managing OT cyber risks, including Security PHA Review (SPR), Consequence-Driven, Cyber-Informed Engineering (CCE), and Secure Operations Technology (SEC-OT).