Mitigate OT security threats with these best practices
Microsoft Security Blog, May 18, 2021
https://www.microsoft.com/en-us/security/blog/2021/05/18/mitigate-ot-security-threats-with-these-best-practices/
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Chris Sistrunk, Technical Manager in Mandiant’s ICS/OT Consulting practice and former engineer at Entergy, where he was a subject matter expert on transmission and distribution of supervisory control and data acquisition (SCADA) systems. In this blog, Chris shares best practices to help mitigate the security threats to operational technology (OT) environments.

Natalia: What tools do you use to monitor and govern your OT environment?

Chris: First, you can use the control system itself, which already offers some level of visibility into what’s happening. It looks like NASA control. Operators sit and watch the process all day. You can see what looks normal and what doesn’t look normal.

What’s new is not just looking at the system itself but at OT network security. Especially in the last five or six years, the focus has been on getting network visibility sensors into the control network. There are several vendors out there that understand the protocols, like MODBUS, Siemens S7, and DNP3, and have developed sensors that are purpose-built to analyze OT network traffic rather than IT traffic.

With a newer control system, it’s much easier. Many times, they’ll use virtual machines to manage OT, so you can put agents in those areas. If it’s a Windows 10 or Windows 7 environment, you can even use Microsoft Defender Antivirus and collect the Windows event logs and switch logs. If you don’t look at the logs, you’re not going to know what’s there, so you need to monitor behavior at the network layer using technologies like deep packet inspection (DPI) to identify compromised devices.

Natalia: What are some best practices for securing remote access to the OT network?

Chris: Number one, if you don’t need it at all, don’t have it. That’s the most secure option.

Number two, if you have to have it, make sure it’s engineered for why it’s needed and tightly control who can use it. It’s also important to make sure it’s monitored and protected with multifactor authentication (MFA) unless it’s just for read-only access to the control network, in which case it’s less of a risk. A lot of times, these OT equipment vendors require in their warranty contracts that they have remote access with full control and the ability to change configurations, which means you’ve given someone a high level of privileged access to your control systems.

Number three, have a process and procedure for when that remote access is used and when it’s turned off. You should at least know who was there and for how long, and who did what, using audit logs, for example.

I want to highlight that the Water ISAC, the international security network created for the water and wastewater sector, published a free document called 15 Cybersecurity Fundamentals for Water and Wastewater Utilities. It’s a reminder to consider where remote access is coming from.

Natalia: What percentage of organizations are continuously monitoring their OT networks?

Chris: Today, it’s the exception, not the rule. The only ones monitoring are the ones that have to do it, such as nuclear companies, and the 3,000 or so largest electric utilities that are under North American Electric Reliability Corporation Critical Infrastructure Protection Standards (NERC CIP) regulation, as well as any companies that might have been attacked in the past. But even NERC CIP doesn’t require continuous network security monitoring, just monitoring event logs in a SIEM, for example, which means you can still miss stuff.

So percentage-wise, it’s not very many, especially in non-regulated sectors like manufacturing, pharmaceuticals, chemicals, oil and gas, mining, and warehousing and logistics.

Companies don’t like to spend money on security if they don’t have to. Unfortunately, it’s going to take an attack. We didn’t have electric reliability standards until we had two Northeast blackouts that affected millions of people in 1965 and in August 2003. After that, they said, “Oh, we should probably have some electric reliability standards.” When I started at the power company, one of the lineman safety instructors said, “Safety rules are written in blood.” The only reason why we have reliability rules is because we’ve had darkness.

Natalia: How can teams break down IT and OT silos?

Chris: Communication. It’s the only thing you can do. If you’re in IT, go take a box of doughnuts down to the operators and ask, “What are the pain points here? How can I learn more about what you do so I can understand and so you won’t slap my hand every time I say, ‘Please patch.’” They will be overjoyed that someone came and visited them to learn about what they do.

Generally, if an IT guy with a white hard hat that has never had a scratch on it comes in, operators think, “Don’t touch anything.” But if you build that trust and communication, that strengthens an organization, and you can start training and knowledge sharing.

Natalia: What should roles and responsibilities look like?

Chris: Now, anything that’s on a network, even in the control system environment, can report up through the chief information officer (CIO) or chief information security officer (CISO). Even in power companies, they’re putting everyone, even the folks who do SCADA for the power grid, under the CIO or CISO instead of under operations. At smaller companies, like water and wastewater, it’s still the old situation, where you have an IT guy and an OT engineer or operator. At larger companies, OT is coming through the IT organization under the CIO or IT is under the CIO and operations is still under operations, and the link is under the CISO. You might have security people in IT and security people in OT.

If you’re wondering whether the CISO should be responsible for both IT and OT security, it’s a simple answer. You can’t have enterprise-wide security unless you include OT. Security needs to be applied to it all, but go to a provider that says they provide enterprise-wide security and ask, “Do you know anything about OT networks in power plants?” “Nope.” OK, then, you don’t do enterprise-wide security. You’re not protecting what makes money.

Natalia: Should companies unify IT and OT security in the security operations center (SOC)?

Chris: I’ve seen it implemented as one unified SOC, but I’ve also seen two separate ones because if they have physically separate systems, they have to have physically separate SIEMs. For instance, a nuclear plant will have its own SOC, and corporate will have its own SOC. If a power company has a nuclear power plant, that plant will have its own SOC because it’s air-gapped and not connected to the outside world or the IT network. But if you have an oil and gas environment, it may have both combined into one.

There are pros and cons. If you have the money and the budget and the people, you can do it either way. Just put your people in a room, give them a lunch of pizza, and let them come up with the best solution. There are advantages of having a unified SOC. You don’t even need an OT-specific SOC analyst. Just have a good IT security person learn from the control engineers or operators, and then create those alerts, and do hunting, tool tuning, and rule tuning.

Natalia: What would you say to a board of directors to get them to prioritize OT security?

Chris: I’d keep it short and sweet: “What would happen if you couldn’t make hammers anymore?” If the CISO can’t answer that question, you know the person needs to gain that awareness. Do we have visibility of the network? Do we have offsite backups for our control systems? Do we have security awareness training?

Board members are not concerned with the latest and greatest advanced persistent threat (APT), but they do care about risk to the business. They’ll say, “We don’t have any security because we don’t have enough people. If we don’t have security implemented, we have a small risk of having downtime.” If you talk to any manager, they’ll know exactly how much money they lose per day if production goes down. We look at business risk in terms of the equation: risk equals impact times probability. Since we don’t have enough data about cyberattacks in OT to have a probability, we tie cybersecurity to the risk register and substitute probability with exploitability. How easy is it to exploit? Can a script kiddie do it? Could my 13-year-old son do it?

If you’ve got an operating system exposed to the Internet, discoverable via Shodan, it is exploitable within minutes. What is the impact of that? If it’s in a chemical, pharmaceutical, food factory, or refinery, that’s a problem not just for downtime but more importantly because it could cause a safety or environmental incident. If it’s a temperature gauge, that’s much less risk. Companies will have a risk register for everything else, including natural disasters. They should have one for OT cybersecurity risk too.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.