Wednesday, November 10, 2021
Overview Bosch setup
- Challenges building a sufficient OT security system
- Bosch approach and lessons learned:
o OT asset inventory
o ICS detection
o Compensating security controls
o Interfaces to IT security
- How our own experience paved the way for the foundation of CyberCompare for external customers
OEMs are taking a more active approach to product security and development, Patching is one of the oldest and most traditional ways to manage risk. It also is a slow and expensive way to manage risk so it is frequently avoided in the OT world. What else should be considered to manage risk?
Do we understand the aspects of cyber risk?
Where is the gap of what you dont know?
Inside out apporach (product development and features) - Outside in approach (Don't deploy products into a environment that does not have a secure perimeter) >>Getting the balance right<<
What is the impact of the those risks?
Are trying to get ahead or are we simply responding to risk?
What are mitigating controls?
Getting the right talent and thought process in the right positions
Understanding the life cycles and that what we do is never enough but we can plan and anticipate "better"