The next step is to begin to implement or start to adapt your security policy to your OT network. Here is where all of the cross-roads start to come together; the balancing of the business needs, security/liability risk, and cost.
The model above is a simplified adaptation of the ARC security lifecycle model. We have simplified the 5 step model of (Secure, Defend, Contain, Monitor, and Manage) into “Where to Start”, “Network Infrastructure” (Vertical Security), and “Industrial Cyber Security” (Horizontal Security).
Network Infrastructure (Vertical Security) – This is where the majority of customers are today. Some have started here in their journey, while others have evolved here by first establishing a security policy. Regardless, here is where the “vertical security” policies are implemented – this is typically focused on Authentication, Access Control, & Firewall Filtering.