The Five ICS Cybersecurity Critical Controls

When asked which OT cybersecurity measures are needed, reference is usually made to the ISA/IEC-62443 standard or the NIST Cyber Security Framework. And rightly so. However, it often proves difficult to translate this into concrete and effective measures. Where do you start? In addition, a well-known 'shortcoming' of existing frameworks is that 60-95% is about prevention: hardening, passwords, access control and updates. As a result, organizations pay very little attention to detection & response. At first glance, security then seems reasonably in order, while actual cyber resilience is only low. In this lecture, we will discuss five measures that are truly essential, based on the SANS whitepaper 'The Five ICS Cybersecurity Critical Controls'. These are based on real-world OT attacks. You will receive tools that you can start using tomorrow and immediately increase cyber resilience!

Speaker: Gert Ippel – Actemium-Axians

Gert Ippel has been working in the Operation Technology domain for almost 30 years. He has built up a lot of knowledge of OT systems on the different layers of the Purdue model. Since 2017, he has been helping organizations improve OT cyber resilience using a standardized approach through assessments, training and guidance. His expertise is underlined by GICSP, CISSP and ISA/IEC-62443 Cybersecurity Expert certifications.