From Triton to Stuxnet: Preparing for OT Incident Response
2020-11-12 14:00

LC: Trying to plug IT security on top of operations has caused the water to be bloodied for many years. Oftentimes there are very hostile relationships between the IT and the operational teams because IT security's been trying to force what we consider standard cyber security models on top of the OT systems, and it just doesn't work.

So if you don't have basic incident response preparation done in either your IT or OT environment, you're going to be spending a lot more money when you have an incident to have it done by your consulting incident responder, or even your on-staff, highly paid incident responders.

Then on top of that, you need to have an OT incident response plan as well as an IT response plan.

I heartily disagree with anybody who tries to claim that your IT incident response and security program can just wholly cover OT and your ICS systems; it's just not possible.

I've walked into so many organizations as an incident response consultant, where they hand me the OT Incident Response Plan, and they say, "Oh, it's in here, right?" And then I look through it and there's nothing about an OT asset inventory, what devices are there, what they do, what vendors and firmware revisions are in place.


News URL

https://threatpost.com/triton-stuxnet-ot-incident-response/161147/