Abstract: |
It is shown that effective cybersecurity risk management in operational technology environments requires recognizing several key differences: in the risk profile, in the strategic approach, in technology, in approaches to vulnerabilities and updates, and in the need for skills. It is shown that planning and strategy should be carried out in constant cooperation with all relevant stakeholders, including operational engineers who have specialized experience in ensuring the operability of operational technology equipment and maintaining complex relationships with suppliers of automated process control systems. The main risks for industrial companies and critical infrastructure facilities are analyzed. Approaches to the analysis of cyber risks by the bowtie method are given. It is noted that industrial companies seeking to automate their work to improve their efficiency face problems with the equipment of technological networks: low security of the outer network perimeter accessible from the Internet, low protection against penetration into the technological network, shortcomings in device configuration, network segmentation and traffic filtering, dictionary passwords, and use of outdated software versions. [ABSTRACT FROM AUTHOR] |