OT Security: A RedLegg Case Study

11/22/24 11:01 AM  |  by RedLegg Blog

This case study examines how RedLegg’s advisory team assessed and improved the OT security posture of a Food and Agriculture organization. Using NIST 800-82 OT Security Guidelines and the NIST Cybersecurity Framework (CSF), we identified vulnerabilities, analyzed operational risks, and developed a phased remediation plan. 

NIST 800-82 and CSF: Foundations for OT Security

When we began this engagement, the mission was clear: assess the organization’s Operational Technology (OT) security posture using the trusted guidance of NIST’s 800-82 OT Security Guidelines. This framework is specifically designed to address the unique challenges of OT environments, providing clear strategies to identify vulnerabilities, mitigate risks, and enhance security while focusing on critical areas like performance, reliability, and safety. 

The NIST Cybersecurity Framework (CSF) served as a foundational tool for this work. Known for its adaptability, the CSF provides a structured approach to managing cybersecurity risks, offering organizations a customizable set of activities to improve their defenses. NIST CSF is especially valuable for prioritizing cost-effective improvements, aligning security goals with operational needs, and fostering a clear understanding of risk management priorities. We took these principles and tailored them specifically to the organization’s OT systems, applying the 800-82 guidelines to tackle the intricacies of their operational environment. 

The Role of OT Security in Food & Agriculture

The organization operates in the Food and Agriculture sector, one of the United States’ critical infrastructure components identified by the Cybersecurity and Infrastructure Security Agency (CISA). With 5.6% of the nation’s GDP and 10.4% of employment tied to this sector, ensuring the security of its systems is not just a business imperative—it’s a matter of national importance. This context underscored the importance of our work, ensuring that the recommendations we provided could not only enhance operational security, but would also align with broader compliance and infrastructure resilience goals. 

This organization’s operations depend on a range of OT systems to oversee and control critical processes like production, weighing, slicing, refrigeration, and packaging. These systems include open-loop and closed-loop controls, programmable logic controllers (PLCs), and Industrial Internet of Things (IIoT) devices, all interconnected via LAN, WLAN, and serial communication. Given the complexity and critical nature of these systems, the stakes for securing them are high. 

Identifying Vulnerabilities: An In-Depth OT Security Review

Our engagement began with a deep dive into the current state of their OT environment. We conducted an extensive review of policies, procedures, and work products, analyzing past and ongoing projects to identify evidence of existing practices and potential gaps. We complemented this with hours of interviews with subject matter experts (SMEs) from the Information Security (IS) and Electrical Engineering teams. These conversations provided invaluable context about the operational realities, challenges, and security priorities of the organization. 

Through this process, we documented our findings using a comprehensive workbook, organized for clarity and actionability. This analysis formed the basis of a narrative report which outlined the current maturity of the organization’s OT security program, identified gaps in compliance with NIST guidelines, and prioritized these gaps based on risk and cost-effectiveness. From there, we developed a practical phased roadmap for gap remediation, focusing on efficient and impactful steps to strengthen the organization’s security posture. 

By leveraging the NIST CSF and 800-82 guidelines along with our experience in cybersecurity best practices, we helped the organization chart a clear path to stronger OT security. Our goal was to provide them with more than just a list of vulnerabilities—we delivered a prioritized, actionable plan that balances operational realities with security best practices, setting our client up for long-term resilience. 
