In a recent interview to FedScoop I was asked to comment my opinions on the recent NIST SP-800-184 draft publication, which is focused on Guide for Cyber security Event Recovery.
After reading the publication, and acknowledging its importance, i think we are still left with several issues. The IT industry at large has seen an evolutionary process where a lot of attacks had mitigation in place, in what is already a best practice. however, in the OT domain this process did not take place.
One of the challenges OT security personnel face is how to gather all information in one place, to allow analysis and comply with audit requirements. As business continuity is a major focal point for the OT industry, security should play a larger role in easing it into happening - through better tools, access and visibility.
Resources