Risk Management for Operational Technology (OT) Systems

Robert Radvanovsky is an active professional in the United States with over 50 years of knowledge in security, engineering, risk management, business continuity, and disaster recovery planning and remediation. He has numerous degrees in business administration, engineering, and computer science. He has significantly contributed to establishing several certification programs, specifically in the areas of critical infrastructure protection (utilizing a holistic/all-hazards approach to CIP, rather than NERC CIP), cyber forensics, cybersecurity (encompassing IT, OT, and control systems), and incident response management. Bob has a special interest and knowledge in matters of critical infrastructure and has published numerous articles and research papers, and is considered a World-renowned expert regarding this topic. Although he has been significantly involved in establishing security training and awareness programs through his company, Infracritical, his extracurricular activities include working with several professional accreditation and educational institutions on topics such as homeland security, critical infrastructure, and cybersecurity. He is the owner of the SCADASEC mailing list for SCADA and control systems security discussion forums, while working as an active participant with several industry-related as well as U.S. government-related special interest groups pertaining to critical infrastructure protection, cybersecurity (specifically OT and control systems), and incident response management. Additionally, he has written numerous books pertaining to critical infrastructure protection and assurance, homeland security, policy management, information security and privacy, infrastructure protection law, regulatory and compliance standards for cybersecurity (specifically OT and control systems), cybercrime, transportation systems security, and more. He has authored “Critical Infrastructure: Homeland Security and Emergency Preparedness” (First Edition), co-authored with Allan McDougall on the “Critical Infrastructure: Homeland Security and Emergency Preparedness” (Second, Third, Fourth and Fifth Editions) and the “Transportation Systems Security” books, as well as co-authored/co-edited with Jacob Brodsky on the “Handbook of SCADA / Control Systems Security” (First and Second Editions) books; and, has written several chapters in numerous books pertinent to cybercrime, cyber forensics, cyber e-discovery, cybersecurity law, international cybersecurity law, international cybersecurity policy (both NATO and private-sectored), risk and governance management, and incident response management. Steve Mustard is an industrial automation consultant with extensive technical and management experience across multiple sectors. He is a licensed Professional Engineer (PE) in Texas and Kansas, ISA Certified Automation Professional® (CAP®), UK registered Chartered Engineer (CEng), European registered Engineer (Eur Ing), GIAC Global Industrial Cyber Security Professional (GICSP), and Certified Mission Critical Professional (CMCP). Backed by more than 35 years of engineering experience, Mustard specializes in the development and management of real-time embedded equipment and automation systems and cybersecurity risk management related to those systems. He serves as president of National Automation, Inc. Mustard is a member of the Water Environment Federation (WEF) Safety and Security Committee. He was the 2021 President of the International Society of Automation (ISA) and is a Liveryman of the Worshipful Company of Engineers. Mustard writes and presents on a wide array of technical topics and is the author of “Industrial Cybersecurity, Case Studies and Best Practices” and “Mission Critical Operations Primer”, both published by ISA, and “A Guide to Cybersecurity for Water and Wastewater Utilities”, published by WEF. He has also contributed to other technical books, including WEF’s “Design of Water Resource Recovery Facilities, Manual of Practice No.8, Sixth Edition” and “The Digital Twin” book, published by Springer. Mustard’s previous and current client list includes: the UK Ministry of Defense; NATO; major utilities, such as Anglian Water Services and Sydney Water Corporation; major oil and gas companies, such as bp, BG Group, and Shell; Fortune 500 companies, such as Quintiles Laboratories; and other leading organizations.

1.Risk Management 2. What is Operational Technology (OT)? 3. Misinterpretation of Risk and Its Misuse 4. How to Measure Risk 5. Risk Assessment Frameworks 6. Risk Assessment Process 7. Emerging Risks in OT Cybersecurity and the Growing Need for Risk Assessments 8. Regulation, Culture, and Governance 9. Incident Response and Recovery 10. Post-incident Analysis 11. Continuous Improvement in OT Cybersecurity 12. Closing Thoughts Appendices Index