Operations Role: Know where you are weak before the incident occurs

Centro de Ciberseguridad Industrial

Industrial cybersecurity and operational resilience in OT plants with network segmentation and critical assets

How many times have we heard on the plant floor “that’s an IT thing” or “as long as the plant is running and production doesn’t stop, everything is fine”? We embrace the dangerous assumption that we are safe.

The problem does not begin on the day of the attack but before, when we do not truly know where we are vulnerable.

In a real industrial incident, it is not just about how many specific industrial cybersecurity tools you have deployed on the plant floor, or whether you have IDS, IPS, OT EDR agents, or firewalls segmenting the industrial network; it is also about knowing which of your plant processes are critical, and which one will stop first if something fails.

Do you have this command of your industrial plant?

  • Visibility: You know all your industrial assets, and you have identified your organization’s critical assets and the actual dependencies between them.
  • Priorities: You know which of your lines or systems cannot stop for even 5 minutes.
  • Coordination: You know who to turn to if you detect an incident.
  • Decision: You are prepared to isolate a system, even if it means temporary loss of production.

In OT, we cannot focus solely on regulatory compliance.

We need to be clear about what our weak points are, which systems are connected to more things than we think, which external provider could become an entry vector, and what we can do to improve our cybersecurity posture.

Because once a real incident occurs, there is no longer time to map dependencies or debate priorities or responsibilities; we will only have room to make decisions. However, I know that many organizations choose to operate this way every day.

Operational resilience, which has been talked about so much lately, does not start with incident response but much earlier: with how we identify our weaknesses and learn where we are most fragile before someone else discovers it for us.

With MACIN, we can obtain a view of our operational resilience: which practices are solid, where we have organizational or technical vulnerabilities, and what we should reinforce first based on our results to prevent an incident from ultimately impacting us.

I think we can sum it up quite nicely: if you don’t know where you are weak or what those weaknesses are, you are not prepared, and in OT, improvisation causes us to acquire a technical debt that sooner or later ends up being paid off with production.

Juli Lizcano

OT/ICS/IoT Cybersecurity Senior Consultant

More information about MACIN Platform here