OT Security Around the World: Saudi Arabia’s NCA OTCC-1: 2022

August 29, 2024

As one of the countries most targeted by threat actors, Saudi Arabia continues to bolster its cybersecurity infrastructure.

In IBM’s “Cost of a Data Breach Report 2024,” the Middle East was the second-highest region in average breach cost, at $8.75 million USD in 2023, up from $8.07 million in 2022.

To strengthen cybersecurity for Saudi Arabia’s industrial facilities, critical infrastructure, private businesses, and government agencies, the National Cyber Security Authority of Saudi Arabia issued the “Operational Technology Cybersecurity Controls” (OTCC-1: 2022). These controls were developed to increase the level of cyber protection for OT/ICS environments in view of the rising attacks on OT-linked infrastructure and networks.

OTCC-1: 2022 is organized into four main domains:

  1. Cybersecurity Governance
  2. Cybersecurity Defense
  3. Cybersecurity Resilience
  4. Third-Party Cybersecurity

Cybersecurity Governance

Cybersecurity Governance includes subdomains like “Cybersecurity Policies and Procedures.” This subdomain includes a control for OT/ICS policies and procedures to be supported by cybersecurity requirements such as vendor recommendations, implementation guidelines, and configuration management guidelines. It also emphasizes roles and responsibilities, ensuring ICS assets are assigned to the cybersecurity function within organizations.

In another subdomain, “Cybersecurity in Change Management,” the framework mandates that cybersecurity requirements be included in change management methodologies and procedures to maintain the safe implementation of change requests in OT/ICS environments by exercising due diligence, analysis, and control of the changes. It also states that automated configuration and asset change detection mechanisms must be implemented. Industrial Defender supports all of these requirements, as we’ll explain further below.

Cybersecurity Defense

The Cybersecurity Defense domain emphasizes that organizations maintain an accurate and detailed inventory of OT/ICS assets to support cybersecurity and operational requirements. It also calls for automated solutions that collect asset information, identify asset owners, and assess criticality.

Industrial Defender meets several of the Cybersecurity Governance and Defense domain requirements through its centralized OT Asset Management platform. With capabilities in collecting and managing comprehensive, detailed OT asset data, it provides precise understanding of configurations and asset ownership quickly and effectively. With the ability to baseline and assess against policies and best practices, it alerts to changes in configurations with contextual details to address any issues, ensuring systems are properly managed for system integrity.

Identity and Access Management

The data collected and managed with Industrial Defender also supports the “Identity and Access Management” subdomain. The platform can assess if credentials meet policies, such as ensuring defaults are not used and that passwords meet complexity standards. It also provides a view of user accounts and login attempts to review potential unauthorized access or suspicious activity.

System and Processing Facilities Protection

The “System and Processing Facilities Protection” subdomain emphasizes security configurations review and hardening, as well as periodic security patches and upgrades in alignment with vendor implementation guidance. Industrial Defender provides ongoing configuration monitoring. Combined with its policy library and baselining capabilities, it assesses whether configurations are hardened in alignment with set policies and best practices. This ongoing monitoring includes a comprehensive view of vulnerabilities, available patches, and patch status. Industrial Defender also indicates if controllers are in run or programming mode.

Cybersecurity Event Logs and Monitoring Management

For the “Cybersecurity Event Logs and Monitoring Management” subdomain, which ensures timely collection, analysis, and monitoring of cybersecurity events for early detection of potential cyber-attacks, Industrial Defender collects syslog data that can be integrated into SIEM solutions for further analysis.

Third-Party Cybersecurity

All the aforementioned capabilities also serve the domain of “Third-Party Cybersecurity,” as Industrial Defender is vendor-agnostic, monitoring every device and associated firmware and software for secure configuration, vulnerabilities, and versions.

Looking to Improve OTCC Compliance?

These are just some of the key ways Industrial Defender supports OTCC-1: 2022. To learn more about efficiently and effectively meeting OTCC requirements, we invite you to schedule a demo with one of our experts.