14th Annual Security
& Compliance Summit
& Compliance Summit
Cyber Maintenance, Placing Security Controls in Work Management
Industrial facilities utilize many of the same security practices and procedures that are used in a traditional IT environment, but are originally tailored for IT not for OT. While similar work is being done, the consequences of the work can be vastly different. This means that operations and security/OT/IT personnel can be at odds, fighting over how best to perform a task and leading to the misconception that security personnel may move forward without usual regard for the systems affected. Work at industrial facilities is conducted under carefully controlled work management processes, more so for heavily regulated industries like nuclear power or chemical. These processes allow many different types of work to be done in and around equipment, incorporating safety, reliability, and sound engineering judgement. By integrating with this existing process, OT Security personnel can take advantage of the existing plant work
processes to ensure their own work is done in a secure, reliable and safe manner, combating the entropy that invariably follows introduction of security into a facility. This talk with share what the work management process is in broad strokes, how work is scheduled and approved at an industrial facility, the benefits of using the process, and how ICS security work can be integrated into the process for better efficiency, risk reduction, andconsistency.
Michael Toecker is the Chief Technical Officer of inspekt.us and a security engineer specializing in the cyber security of electric power systems. Mr. Toecker has spent 13 years working in electric power and control system security, first at a Big 5 power engineering firm, then at the power generation arm of a major utility, and later at control system security firm Digital Bond. Toecker then started the boutique consulting firm, Context Industrial Security, in April of 2014 to continue his work in control systems security. While at Context,
Toecker has worked with electric utilities, manufacturing, chemical, and water on implementation of quality cyber security practices. After several years of practical experience, Toecker has developed several product ideas based on his observations of industry and cyber security and last year formed inspekt.us with Elisabeth Stephany to translate those ideas into practical products for the industrial security community.