When Does a Project Need Operations Technology Cybersecurity?

Advisory Details

  • Issue Date:

    September 9, 2022

  • Importance

    Information Only

  • Summary

    When Does a Project Need Operations Technology Cybersecurity?

  • Systems Impacted

    All projects or planning stages associated with or impacting Operational Controls, Business Continuity or Disaster Recovery.

All operational, digital or controls projects or planning exercises trigger OT cybersecurity considerations. Responses to specific questions can help to identify the requirements or depth necessary to attain or maintain a good cybersecurity posture. Proposed questions to consider include:

1. Is my facility’s cybersecurity control governed by directives, or regulatory requirements?
(e.g., TSA Identified Critical Asset Owner/Operator, Coast Guard Directive, State or Local Regulatory)
2. What other Cybersecurity alignments must I consider?
(e.g., Internal Management, Stakeholders, Business Partnerships)
3. Do I clearly understand and have I considered the organization’s:
     • Business Continuity Objectives?
     • The Role of the Cybersecurity Coordinator (if one exists)?
     • The Corporate Risk Objective (i.e., the corporate tolerance for risk)?
     • The Primary Corporate Risk Strategy (i.e., Accept, Mitigate, Transfer, Share)?
     • Physical and Data Security Requirements?
     • Incident Reporting, Response, and Recovery Requirements?
4. Do I have or need a more comprehensive Asset Inventory to meet the requirements of the project?
5. Will my project add to or modify cybersecurity documentation required?
6. Will my project or plan affect any ‘Top Ranked Critical Assets’ to maintain safety or business continuity?

Actions and/or Recommendations

At Mangan Cybersecurity, we believe a project will always need to consider Operations Technology Cybersecurity when changes or additions are planned. The considerations above are just a few indicators that can help to identify your needs to reach out for OT cybersecurity assistance.

About REAL Matters and Mangan Inc.

REAL Matters advisories are published to communicate cybersecurity threats and risks within the Operational Technology (OT) environment and where Critical Infrastructure vulnerabilities are identified. The purpose of this newsletter is to inform, propose suggested approaches to mitigate the risk as well as provide feedback on how Mangan Cybersecurity is approaching the issue(s) addressed.

Mangan Inc. is a nationally-recognized Specialty Engineering, Automation, and Integration company, providing a full-range of services to the Oil & Gas, Refining, Pipeline, Chemicals, and Life Sciences Industries. Established in Long Beach, California in 1990, Mangan’s multiple office locations include sites in California, Georgia, New Hampshire, North Carolina, Texas, and Louisiana. Mangan’s 350+ employee-owners bring expertise, innovation, and safety as their core mission to some of the largest companies in the world.

Scroll to Top