High value systems warrant hardcore hardening measures. The PI System resides at a critical junction, communicating across strict network boundaries. Under this paradigm, the PI System acts as a 'safe harbor' for data, defending critical systems by reducing the number of users inside the security perimeter while enabling growth in the number of users getting value from OT data.
The presentation focuses on Electric Power Research Institute’s (EPRI) Technology Assessment Methodology (TAM). TAM guides us through a methodical process that efficiently converges the assessment and mitigation activities to an effective result. The TAM provides a technical basis for making engineering decisions related to cyber security within the larger set of engineering activities for a facility change project. Consequence and hazard information can be combined with the TAM results to make risk informed cyber security decisions. This process allows the integration of consequence information obtained through analysis or pre-determined by external processes or authorities. This informs the cyber security control methods selected to properly balance cyber security method constraints to achieve the most appropriate risk reduction. While the TAM is designed to result in a secure facility, it also provides a method for mapping its assessment results to any regulatory or certification requirement set if needed.
Solutions: Security, Compliance
OSIsoft Products: Asset Framework; Data Archive; PI Vision
Lubos Mlcoch works in Technical Support as a Senior Escalation Engineer, working primarily with OSIsoft web and batch applications. Lubos is on the OSIsoft Cyber Security Champions team roster, focusing on Windows Security. He has attended CQURE�s Advanced Windows Security courses, achieving Windows Security Master certification in 2017 and 2018.
Lubos holds a B.S. in Computer Science from University of Technology (Brno, Czech Republic) and an M.S. in Business and Finance from Nottingham Trent University (UK).