Cybersecurity is usually framed in terms of IT – from malware to phishing to ransomware, federal agencies are paying attention to securing their networks and endpoints. But leaders often overlook security measures for operational technology (OT) and industrial control systems (ICS), such as building automation systems, physical access control systems, physical environment monitoring systems, and implementing a Zero Trust Architecture.

In its August 2022 report to the White House, the National Security Telecommunications Advisory Committee (NSTAC) identified the convergence of IT and OT systems as an issue foundational to protecting national security and emergency preparedness. The SANS Institute outlined five critical controls in its October 2022 report, such as having an incident response plan that is distinct from one for an IT attack. And the Cybersecurity and Infrastructure Security Agency (CISA) considers protecting ICS a top priority and offers assistance to agencies in securing their OT systems.

• Reviewed the challenges that agencies face in identifying how and where their OT/ICS equipment connects to their IT systems
• Outlined the ways that security for OT/ICS differs from IT cybersecurity
• Understood the role of visibility and monitoring, and the steps needed to gain insight into OT/ICS