• Enewsletters
  • Webinars
  • eHandbooks
  • Great Question: A Manufacturing Podcast
    1. Safety and Security
    2. Industrial Cybersecurity

    Cyber threat detection and prevention checklist

    July 24, 2019
    The challenges and tasks required for successful cybersecurity never run out.

    Well begun truly is half done, but with cybersecurity, it's still hard to progress beyond initial steps like updating passwords and segmenting networks with managed Ethernet switches used as firewalls to monitor network traffic, detecting suspicious behavior, and responding to threats and attacks.  

    "We started our cybersecurity journey at the tail end of a smart grid deployment when we realized we had a large amount of data that wasn't going to be useful if we couldn't operationalize it, which meant we had to get comfy with our security group," says Jason Nations, senior enterprise security manager at OGE Energy Corp., Oklahoma City, who spoke at ARC Industry Forum 2019 earlier this year in Orlando. OGE is a vertical electric utility that uses natural gas, coal, wind and solar sources to generate power for 700,000 customers in Oklahoma and western Arkansas. "We inventoried all our assets and connection, and used a line-item diagram, so we knew every cable and what it was connected to, including showing what sensors were needed. However, we also learned cybersecurity is a people problem as much as it's a technical one, and that we needed to get everyone onboard, especially to get our use cases in line. Without the involvement of our field personnel, execution was also at risk."

    Nations reports that OGE aimed to implement continuous monitoring in its control system networks; gain enterprise visibility across its OT environment; perform real-time inventory of its control system cyber assets and further mature its detection capabilities; and improve its incidence response capabilities. Cybersecurity solutions had to meet its use cases; form a long-term relationship with OGE; support its commitment and capabilities; and integrate with the utility's ICS security program. It also followed the National Institute of Standards and Technology's Cybersecurity Framework and the U.S. Dept. of Energy's Cybersecurity Capability Maturity Model (C2M2); planned and coordinated deployments with field personnel; implemented undisclosed ICS threat intelligence software and components within three months; and integrates alerts from the U.S. Dept. of Homeland Security's (DHS) Industrial Control System-Cyber Emergency Response Team. Nations adds that OGE is also using John Kindervag's Zero-Trust Network model that takes a guilty-until-proven-innocent approach.

    To learn more, read "Do the cybersecurity to-do list" from Control.

    Continue Reading

    Sponsored Recommendations

    Effective Enclosure Heating

    Aug. 22, 2024
    Effective enclosure heating is essential for peak operational efficiency in outdoor and indoor contexts.

    Busbar: The Next Evolutionary Step in Control Panel Design

    Aug. 22, 2024
    Learn how busbar power distribution can help control panel manufacturers unlock enhanced safety, lower costs, and a reduced automation footprint.

    Reduce Contamination with the Right Enclosure for Your Food and Beverage Application

    Aug. 22, 2024
    Protecting electrical controls and equipment within food and beverage plants presents unique challenges due to the sanitation requirements of the hygienic environment.

    Enclosure Climate Control: Achieving the Ideal Temperature

    March 28, 2024
    There are several factors to consider when optimizing the climate inside your electrical enclosure. Download this white paper to learn more.