Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Security Leadership and ManagementCybersecurity NewsInfrastructure:Electric,Gas & Water

Three Best Practices to Secure Critical Infrastructure

By Edgard Capdevielle
c-suite
September 6, 2018

In the last few years, executives overseeing energy, utility and other industrial organizations have begun to worry about the threat of cyberattacks on our nation’s most critical infrastructures. Ten years ago, their main concerns were focused on safety or environmental risks. Back then, operators believed the virtual barricades, or air gaps, between networks and technologies were sufficient enough to defend against malware and cyberattacks.

Over the years that’s gradually changed, and today the industrial C-suite is acutely aware that cybercriminals, hackers, corporate espionage and state-sponsored actors have critical infrastructure and industrial environments in their sights. Last December, the TRITON attack against a petrochemical processing plant in the Middle East drove home the need to strengthen industrial control security.

There are important areas that executive teams should focus on in order to protect critical infrastructure and manage cyber risk associated with industrial operations. They include assessing and updating cyber defenses, improving network visibility, and establishing an effective preparedness plan ahead of possible attacks.

 

Three Important Best Practices to Strengthen Cybersecurity

The C-suite must manage industrial cybersecurity risk and protect their organizations’ reputations. Following three simple, yet important, best practices will allow your organization to prepare for the operational, business and industry reputation risks posed by cyberattacks on operational technology infrastructures.

 

Integrate Cybersecurity with Artificial Intelligence and Machine Learning

Advances in artificial intelligence now allow the process-oriented anomaly detection necessary to deliver the same levels of cyber protection in operational technology (OT) as in information technology (IT). Solutions that use machine learning to understand the OT environment can play a critical role in helping improve your OT security posture. By learning autonomously and adapting, as well as tapping into artificial intelligence, the right solutions can help manage alerts, reduce false positives and find the threats that might otherwise be lost in a flood of data. The end result is more effective threat mitigation and response.

 

Increase Visibility

Visibility into industrial networks and their risk exposure is key to improving critical infrastructure cyber resiliency and operational reliability. Effective visibility requires real-time network monitoring and a continuously updated network asset inventory.

Equally important is consolidated visibility across regional or multinational facilities. This helps reduce support costs, speeds troubleshooting and improves staff efficiencies. Facilities should be aligned to support visibility across the organization, so decisions can be made in context with the most accurate and up-to-date information.

 

Improve Preparation Planning

An important, yet often overlooked, part of an effective OT cybersecurity posture is a thoughtfully developed and well-rehearsed crisis response plan. On this topic we spoke with Standing Partnership’s Mihaela Grad, who advises industrial organizations on cybersecurity-related issues, crisis planning and reputation management.  She recommends four key steps for getting it right:

  • Align all your crisis response plans: Assemble all existing policies, business continuity, operational and communications plans, plus reports that outline the risks your organization faces.
  • Build or update a cross-functional crisis team: Your crisis response team should include representatives from across the organization – safety operations, legal, IT/OT, customer service, communications, HR, etc. – spanning head office and remote operational units.
  • Develop a written plan: It’s best to have a written crisis response plan that contains response team members and responsibilities, assessment criteria, decision protocols and responses to scenarios most likely to impact your organization. A plan eliminates second-guessing and speeds up response time during a crisis. Ideally, it is reviewed and updated every six to 12 months.
  • Train your team: A plan without training isn’t worth much. Gather the cross-functional crisis response team at least once a year to run through the communications plan, and make sure members can execute seamlessly during high-stress situations.

 

Protecting the entire IT and OT environment is quickly becoming a business imperative for industrial executives. Organizations who acknowledge this threat are adopting technologies that provide real-time visibility for the best possible defense, and those who regularly practice an effective response plan will be well-equipped to meet the challenge.

 

This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security magazine. Subscribe here.

KEYWORDS: C-suite security cyber resiliency cyberattack Emergency Preparedness hackers

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Edgard Capdevielle is CEO of Nozomi Networks

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

blurry multicolored text on black screen

PowerSchool Education Technology Company Announces Data Breach

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Inside of water disposal pipe

    Best practices for securing critical and public infrastructure

    See More
  • financial-data-freepik1170.jpg

    4 security best practices to secure financial report data

    See More
  • SR-water

    Combatting security threats to our nation’s critical water infrastructure

    See More

Related Products

See More Products
  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • school security.jpg

    School Security: How to Build and Strengthen a School Safety Program

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing