{"id":6689,"date":"2024-10-22T16:04:29","date_gmt":"2024-10-22T19:04:29","guid":{"rendered":"https:\/\/base4sec.com\/sin-categorizar\/principios-de-ciberseguridad-en-ot\/2024\/10\/22\/"},"modified":"2025-02-26T16:09:36","modified_gmt":"2025-02-26T19:09:36","slug":"principios-de-ciberseguridad-en-ot","status":"publish","type":"post","link":"https:\/\/base4sec.com\/en\/technical-en\/principios-de-ciberseguridad-en-ot\/2024\/10\/22\/","title":{"rendered":"Principles of Cybersecurity in OT"},"content":{"rendered":"<p>The National Security Agency (NSA) has partnered with cybersecurity agencies in Australia,<br \/>\nCanada, Germany, Japan, the Netherlands, New Zealand, South Korea and the United Kingdom to<br \/>\nlaunch a guide that presents six fundamental principles. These principles are intended to assist in<br \/>\nthe creation and maintenance of a secure and critical environment for operational technology (OT)<br \/>\ninfrastructure.<br \/>\nIts purpose is to provide organizations that manage critical infrastructures with a framework to<br \/>\nprotect their operational technology (OT) environments from cyber threats, ensuring the continuity of<br \/>\nessential services such as energy, drinking water and transportation. The increasing dependence on<br \/>\noperational technology and the complexity of these environments imply significant challenges in<br \/>\nbusiness decision making, especially when introducing new technologies, selecting suppliers or<br \/>\ndeveloping continuity plans.<br \/>\nThe document details six fundamental principles that should guide organizations in creating and<br \/>\nmaintaining secure OT environments:<br \/>\n1. Safety is paramount<br \/>\n2. Knowing the business is fundamental<br \/>\n3. OT data is valuable and must be protected<br \/>\n4. Segmenting and segregating OT networks<br \/>\n5. Securing the supply chain<br \/>\n6. People are essential to cybersecurity OT<br \/>\nEach principle is designed to help decision makers identify and mitigate cyber risks associated with<br \/>\noperational technology. The document provides clear guidelines for implementing appropriate<br \/>\ncontrols, reducing vulnerabilities and promoting business continuity. It also highlights the importance<br \/>\nof aligning cybersecurity with organizational culture and collaboration among all levels of the<br \/>\norganization, from engineers to executives.<\/p>\n<p>This framework seeks to ensure that critical systems not only operate efficiently, but also securely,<br \/>\nminimizing exposure to cyber threats and maintaining public confidence in essential services.<\/p>\n<p>Principle 1: Safety is paramount<br \/>\nThis principle underlines the critical importance of security in operational environments (OT),<br \/>\nhighlighting that, unlike corporate IT systems where rapid innovation may be a priority, in OT it is<br \/>\nessential to ensure physical security and avoid threats that could endanger human life and the<br \/>\ncontinuity of critical services. Organizations that operate critical infrastructure, such as power plants<br \/>\nor water treatment systems, must always consider the physical hazards and the potential<br \/>\nrepercussions that a failure, whether due to human error or cyber attack, could have on public safety<br \/>\nand social stability.<br \/>\nKey Aspects<br \/>\n\u25cf Protection of human life and the environment: OT systems operate equipment that, if<br \/>\ntampered with or altered, could lead to hazardous incidents such as explosions, chemical<br \/>\nleaks, electrical discharges or structural collapse.<br \/>\n\u25cf Continuity of service: Security also encompasses the need to maintain the operability of<br \/>\nessential services, such as the supply of drinking water or energy, to avoid negative impact<br \/>\non society.<br \/>\nExamples and Considerations<br \/>\n\u25cf Incident response: Organizations must be prepared to respond to incidents on systems that<br \/>\nrequire secure operation. In some cases, paying a ransom (as in ransomware attacks) is not<br \/>\nfeasible, as there is no guarantee that the system will be returned to a secure state.<br \/>\n\u25cf Validity of backups: If an attacker has been present in the OT network, it may be difficult to<br \/>\ntrust the available backups, as they could have been compromised.<br \/>\n\u25cf Recovery plans: Critical systems must have well-defined recovery procedures that ensure a<br \/>\nsafe return to operation, even after major outages.<br \/>\nThis principle emphasizes the need for a rigorous and disciplined approach to the operation and<br \/>\nmanagement of OT systems. Security in these environments involves not only protecting against<br \/>\ncyber-attacks, but also ensuring that any changes or disruptions do not affect the physical integrity of<br \/>\nthe system or endanger human lives or essential services. The key is for organizations to adopt a<br \/>\npreventative mindset, always prioritizing security over any other objective.<\/p>\n<p>Principle 2: Knowing the business is fundamental<br \/>\nThis principle underscores the importance for organizations to have a thorough understanding of the<br \/>\noperational processes and systems that support their critical services. The premise is that, in order<br \/>\nto adequately protect operational technology (OT), it is imperative to understand both the essential<br \/>\nbusiness needs and the specific characteristics of the systems that enable its operation.<br \/>\nKey Aspects<br \/>\n\u25cf Identification of vital systems: Organizations must determine which are the essential systems<br \/>\nthat enable the continuity of critical services. This includes identifying which parts of the<br \/>\noperational process are indispensable for the production and supply of critical services such<br \/>\nas energy, water or transportation.<br \/>\n\u25cf Understanding the OT process: It is essential to understand each part of the process<br \/>\ncontrolled by OT systems, ensuring that dependencies and critical points can be identified.<br \/>\nThe designed architecture must enable the defense of these vital systems against threats,<br \/>\nboth internal and external.<br \/>\n\u25cf Integration of cybersecurity into planning: Teams responsible for designing, operating and<br \/>\nmaintaining OT systems must be aligned with the business context. This includes<br \/>\nunderstanding how physical processes connected to the OT environment bring value to the<br \/>\nbusiness and how disruptions can impact service to users.<br \/>\n\u25cf Connections and dependencies: Organizations need to know how OT systems interface with<br \/>\nother systems and what dependencies exist. This is vital for assessing risks and establishing<br \/>\neffective controls.<br \/>\n\u25cf Continuity and crisis management plans: The creation of incident response, business<br \/>\ncontinuity and crisis management plans should include the participation of both process<br \/>\nengineering and cybersecurity experts. In addition, these plans should be continually<br \/>\nexercised, reviewed and updated to ensure their effectiveness.<br \/>\nExamples and Considerations<br \/>\n\u25cf Top-Down vs. Bottom-Up: The &amp;quot;top-down&amp;quot; approach has led to separate OT and IT<br \/>\nnetworks, but the &amp;quot;bottom-up&amp;quot; perspective allows identifying the minimum elements<br \/>\nnecessary for the operation of critical processes. For example, to generate electricity, you<br \/>\nmay only need a generator, a controller and an adequate fuel supply.<\/p>\n<p>\u25cf Third-party information packs: When involving third parties in the management of OT<br \/>\nsystems, it is essential to provide clear documentation that includes contacts, permitted<br \/>\ntools, and procedures to ensure effective collaboration without compromising security.<br \/>\n\u25cf Visual signals and physical controls: Identifying and physically marking authorized devices in<br \/>\nthe OT environment helps reduce the risk of unauthorized interference and enables quick<br \/>\ndecision making in case of security events.<br \/>\nThis principle emphasizes that understanding the business is crucial not only for implementing<br \/>\neffective cybersecurity measures, but also for prioritizing recovery during incidents. It also fosters<br \/>\nseamless collaboration between operations and cybersecurity teams, ensuring that the approach to<br \/>\ncybersecurity is aligned with business needs and the operational context.<\/p>\n<p>Principle 3: OT data are extremely valuable and<br \/>\nmust be protected<br \/>\nFrom an adversary&amp;#39;s perspective, knowledge about the configuration of an OT (Operational<br \/>\nTechnology) system is highly valuable, as OT environments tend to remain stable and unchanged<br \/>\nfrequently. This stability allows malicious actors to develop specific and sophisticated malware to<br \/>\nattack such systems with precision.<br \/>\nCritical data types in OT:<br \/>\n\u25cf Engineering configuration data: This includes network diagrams, sequences of operation,<br \/>\nlogical schematics and configuration data such as device addresses. This data does not<br \/>\nchange frequently and can be relevant for decades, facilitating the preparation of targeted<br \/>\nattacks.<br \/>\n\u25cf Ephemeral data: Such as voltage or pressure levels, which provide real-time information on<br \/>\nthe status of processes and can reveal details about internal or customer operations.<br \/>\n\u25cf Intellectual Property (IP) and Personal Data (PII): Data about customers or processes, such<br \/>\nas patient records in healthcare or metering data in the energy or water sectors, require<br \/>\nprotection just as much as configuration data.<br \/>\nImplications and protection strategies:<\/p>\n<p>\u25cf Control storage: Organizations must define where and how OT data is stored to avoid<br \/>\nexposure. Although OT networks are often segmented, critical data is often stored on<br \/>\ncorporate IT systems, which increases exposure.<br \/>\n\u25cf Minimize data distribution: Internal processes should avoid unnecessary propagation of OT<br \/>\ndata between different systems to reduce risks.<br \/>\n\u25cf Detect unauthorized access: Implement tools such as canary tokens that alert if OT data is<br \/>\naccessed or extracted in an unauthorized manner.<\/p>\n<p>Key questions for OT data protection<br \/>\n\u25cf Do suppliers or consultants have copies of critical data?<br \/>\n\u25cf Is OT information stored in corporate systems or external clouds?<br \/>\n\u25cf Are controls in place to prevent security systems, such as EDRs, from leaking OT data out of<br \/>\nthe environment?<br \/>\n\u25cf Is there a clear process for data destruction when decommissioning OT equipment?<br \/>\nThis principle highlights the need to alert and monitor access to OT data, as lack of control can<br \/>\nfacilitate sophisticated attacks and the manipulation of critical systems. Therefore, a sound<br \/>\ncybersecurity strategy must include controls over data flow and storage, as well as measures to<br \/>\ndetect and respond to potential breaches.<\/p>\n<p>Principle 4: Segment and segregate OT networks<br \/>\nfrom all other networks<br \/>\nThis principle highlights the importance of segmentation and segregation in environments to protect<br \/>\nagainst cyber threats and minimize the risks of compromise. The principle is based on the idea that<br \/>\nOT networks should be kept separate not only from corporate IT networks, but also from any other<br \/>\nnetworks that may introduce additional risks.<br \/>\nImportance of segmentation and segregation<br \/>\n\u25cf Risk reduction: OT networks are more critical than IT networks because they control<br \/>\nessential physical processes (e.g. electricity, water and transportation). These networks<br \/>\nshould not be directly connected to IT networks, which tend to be more vulnerable because<br \/>\nof their exposure to the Internet and services such as email or web browsing.<\/p>\n<p>\u25cf Security between OT and other networks: It is essential to protect not only the<br \/>\ncommunication between OT and IT networks, but also the connections between different OT<br \/>\nnetworks of third parties (such as suppliers, customers or partners). These connections can<br \/>\nbecome an attack vector if not properly managed.<br \/>\nExamples and implications of the principle<br \/>\n\u25cf Security in connections between OT and third parties: Connections to OT networks of<br \/>\nother players, such as energy providers or transmission companies, can open security gaps<br \/>\nif not properly managed.<br \/>\n\u25cf Physical and logical separation: It is recommended that critical functions be separated<br \/>\nphysically and logically, to ensure that even if a less critical network is compromised, the<br \/>\nmore critical networks remain protected.<br \/>\n\u25cf Security in systems administration: Administrative accounts and systems must be properly<br \/>\nsegregated. For example, critical OT systems should not rely on services administered from<br \/>\nIT networks with lower levels of security, as compromising these accounts could put the OT<br \/>\nnetwork at risk.<br \/>\n\u25cf Privilege escalation risks: An attacker accessing the IT network could escalate privileges<br \/>\nand compromise the firewall or OT network control devices if these infrastructures are not<br \/>\nadequately separated.<br \/>\nThis principle emphasizes that any existing connection in an OT network must be considered a<br \/>\npotential point of vulnerability and treated with the highest level of security. Segmentation should not<br \/>\nonly apply between OT and IT, but also between different zones within OT, according to their levels<br \/>\nof criticality. In addition, organizations should continuously evaluate administrative configurations to<br \/>\nensure that the management of OT networks does not rely on less secure external systems.<\/p>\n<p>Principle 5: The supply chain must be secure<br \/>\nSupply chain security has been a focus of attention for several years, and many previous<br \/>\npublications have already covered this area. However, in operational technology (OT) environments,<br \/>\nthis principle highlights some additional specific considerations, as it is not sufficient to apply generic<br \/>\ncontrols.<\/p>\n<p>Examples and considerations:<br \/>\n\u25cf Changing the perspective on supplier risk: Traditionally, only large or operationally critical<br \/>\nsuppliers were rigorously evaluated. However, from a cybersecurity perspective, the size or<\/p>\n<p>importance of the vendor is not determinative. A seemingly minor device or service can open<br \/>\ncritical doors for attackers if it is not secure.<br \/>\n\u25cf Exposure in open OT environments: In OT systems, critical control messages are often<br \/>\nsent unencrypted, via multicast or broadcast messages that any device on the network can<br \/>\nreceive and interpret. This makes any component in the environment &#8211; such as printers,<br \/>\nrouters, or engineers&amp;#39; workstations &#8211; a potential access point for threats.<br \/>\n\u25cf Know the origin and path of devices: It is essential to track the origin and previous use of<br \/>\ndevices connected to the OT network, including consultant or vendor laptops. These may<br \/>\nhave previously connected to less secure networks, introducing a potential risk when<br \/>\ntransferred to the OT environment.<br \/>\n\u25cf Evaluate hidden capabilities of devices: Not only is it important what devices can do in their<br \/>\ncurrent configuration, but also what they could do if their firmware or configuration is altered.<br \/>\nIf vendors have remote access to perform updates, organizations should ensure that the<br \/>\nfirmware is cryptographically signed and its integrity verified prior to installation.<br \/>\n\u25cf Rigorous evaluation of vendor behavior: Organizations should consider vendor practices that<br \/>\nrequire exceptions to security policies as negative indicators. For example, if a vendor<br \/>\nrequests direct connections from the OT network to the Internet for support or firmware<br \/>\nupgrades, the vendor&amp;#39;s suitability should be questioned and more secure alternatives should<br \/>\nbe sought.<br \/>\n\u25cf Traffic control and security analysis: A good control consists of connecting a device to the<br \/>\nnetwork while capturing the traffic with a packet analyzer to verify that they are not<br \/>\ncommunicating without authorization with remote addresses.<br \/>\nSupply chain security is critical because interconnections and dependencies between multiple<br \/>\ndevices and systems increase exposure to cyber-attacks. A single compromised or mismanaged<br \/>\ndevice can represent a significant vulnerability for the entire OT infrastructure. Therefore, this<br \/>\nprinciple calls for maintaining tight control over all elements of the supply chain, ensuring that every<br \/>\ncomponent that interacts with critical infrastructure meets the highest security standards.<\/p>\n<p>Principle 6: People are essential to cybersecurity OT<br \/>\nThis principle emphasizes that cyber security in operational technology (OT) cannot be achieved<br \/>\nwithout the active and skilled participation of people. Technical tools and processes alone are not<br \/>\nsufficient to prevent or detect incidents. Effective incident response depends on people with the right<br \/>\ntraining, skills and knowledge to handle these challenges.<\/p>\n<p>Importance of security-based cybersecurity culture.<\/p>\n<p>\u25cf It highlights the need to build a strong cybersecurity culture, focused on physical and digital<br \/>\nsecurity. The organization must consider cybersecurity principles as an essential aspect of<br \/>\nworkplace safety, not only as a technological obligation.<br \/>\n\u25cf Field technicians and other operatives are the first line of defense and play a crucial role in<br \/>\ndetecting suspicious behavior. Although these employees are not typically cybersecurity<br \/>\nexperts, their working knowledge of the OT environment enables them to identify anomalies<br \/>\nthat could indicate cyber incidents.<\/p>\n<p>Key challenges and strategies<br \/>\n\u25cf Diversified training: A cross-functional team is needed, consisting of cybersecurity experts,<br \/>\ncontrol engineers, operations personnel and asset managers. All of these roles must align on<br \/>\ncore OT principles, even if they come from different cultures and priorities.<br \/>\n\u25cf Cultural change: For personnel without engineering or critical infrastructure experience, it<br \/>\ncan be a challenge to adopt a &amp;quot;safety first&amp;quot; approach. The organization must foster a shared<br \/>\nunderstanding among all areas involved.<br \/>\n\u25cf Fearless reporting: It is essential to empower operatives to report possible incidents without<br \/>\nfear of reprisal or ridicule. There must be clear procedures for observations to be assessed<br \/>\nand handled in a timely manner.<\/p>\n<p>Development of cybersecurity awareness and culture<br \/>\n\u25cf Include cybersecurity in key processes: Cybersecurity should be integrated into security<br \/>\nassessments, acceptance testing (FAT\/SAT), and engineering change management.<br \/>\nMethods such as Cyber-Informed Engineering help strengthen this integration.<br \/>\n\u25cf Avoidance of risky behavior: A prime example is remote maintenance without informing on-<br \/>\nsite personnel, which can cause operators to ignore abnormal behavior as normal. This<br \/>\ndemonstrates the need for transparency in operations.<br \/>\n\u25cf Incident reassessment: Operators should be trained to consider the possibility of cyber<br \/>\ncompromise in operational problems. Historically, these problems have been attributed only<br \/>\nto technical failures, which can result in the loss of key evidence for cyber investigations.<br \/>\nThis principle emphasizes that the combination of technology, processes and people is essential to<br \/>\nmaintain security in OT environments. Active engagement and preparedness of personnel, along<br \/>\nwith a security-focused organizational culture, are fundamental to cyber resilience in critical<br \/>\ninfrastructures.<\/p>\n<p>Conclusion<br \/>\nThe approach presented is not limited to establishing technical controls, but promotes a holistic<br \/>\nintegration of cybersecurity across all dimensions of the OT environment: processes, people and<br \/>\ntechnology. The principles highlight the importance of aligning risk management with physical and<br \/>\noperational security, thus ensuring complete resilience. Collaboration between technical and<br \/>\noperational experts, along with efficient vendor and data management, is critical to maintaining the<br \/>\nintegrity of critical infrastructures.<br \/>\nFinally, the adoption of these principles requires not only technological resources, but also a deep<br \/>\norganizational commitment that fosters a cybersecurity culture based on security, collaboration and<br \/>\ntransparency. With this framework, organizations will be able to meet current and future challenges<br \/>\nefficiently, ensuring the continuity of essential services and the protection of their most valuable<br \/>\nassets.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The National Security Agency (NSA) has partnered with cybersecurity agencies in Australia, Canada, Germany, Japan, the Netherlands, New Zealand, South Korea and the United Kingdom to launch a guide that presents six fundamental principles. These principles are intended to assist in the creation and maintenance of a secure and critical environment for operational technology (OT) [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":6681,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_wpcom_ai_launchpad_first_post":false,"footnotes":"","jetpack_post_was_ever_published":false},"categories":[259],"tags":[],"class_list":["post-6689","post","type-post","status-publish","format-standard","has-post-thumbnail","category-technical-en"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.9 (Yoast SEO v27.9) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Principles of Cybersecurity in OT - BASE4 Security<\/title>\n<meta name=\"description\" content=\"BASE4 Security, consultora de ciberseguridad con presencia en Argentina, Chile, Per\u00fa, Colombia, M\u00e9xico y Espa\u00f1a. Servicios de CyberSOC, Red Team, GRC y Zero Trust.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/base4sec.com\/en\/technical-en\/principios-de-ciberseguridad-en-ot\/2024\/10\/22\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Principles of Cybersecurity in OT\" \/>\n<meta property=\"og:description\" content=\"An\u00e1lisis t\u00e9cnico y estrategia de ciberseguridad por el equipo de BASE4 Security. Insights sobre CyberSOC, Red Team, GRC y Zero Trust para LATAM y Espa\u00f1a.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/base4sec.com\/en\/technical-en\/principios-de-ciberseguridad-en-ot\/2024\/10\/22\/\" \/>\n<meta property=\"og:site_name\" content=\"BASE4 Security\" \/>\n<meta property=\"article:published_time\" content=\"2024-10-22T19:04:29+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-02-26T19:09:36+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/base4sec.com\/wp-content\/uploads\/2025\/02\/22_10x2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"600\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Base4 Security Research\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Base4 Security Research\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"13 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/base4sec.com\\\/en\\\/technical-en\\\/principios-de-ciberseguridad-en-ot\\\/2024\\\/10\\\/22\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/base4sec.com\\\/en\\\/technical-en\\\/principios-de-ciberseguridad-en-ot\\\/2024\\\/10\\\/22\\\/\"},\"author\":{\"name\":\"Base4 Security Research\",\"@id\":\"\\\/#\\\/schema\\\/person\\\/5905e7398728c03dbec3772861bd4f99\"},\"headline\":\"Principles of Cybersecurity in OT\",\"datePublished\":\"2024-10-22T19:04:29+00:00\",\"dateModified\":\"2025-02-26T19:09:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/base4sec.com\\\/en\\\/technical-en\\\/principios-de-ciberseguridad-en-ot\\\/2024\\\/10\\\/22\\\/\"},\"wordCount\":2677,\"commentCount\":0,\"publisher\":{\"@id\":\"\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/base4sec.com\\\/en\\\/technical-en\\\/principios-de-ciberseguridad-en-ot\\\/2024\\\/10\\\/22\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/base4sec.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/22_10x2.png\",\"articleSection\":[\"Technical\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/base4sec.com\\\/en\\\/technical-en\\\/principios-de-ciberseguridad-en-ot\\\/2024\\\/10\\\/22\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/base4sec.com\\\/en\\\/technical-en\\\/principios-de-ciberseguridad-en-ot\\\/2024\\\/10\\\/22\\\/\",\"url\":\"https:\\\/\\\/base4sec.com\\\/en\\\/technical-en\\\/principios-de-ciberseguridad-en-ot\\\/2024\\\/10\\\/22\\\/\",\"name\":\"Principles of Cybersecurity in OT - BASE4 Security\",\"isPartOf\":{\"@id\":\"\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/base4sec.com\\\/en\\\/technical-en\\\/principios-de-ciberseguridad-en-ot\\\/2024\\\/10\\\/22\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/base4sec.com\\\/en\\\/technical-en\\\/principios-de-ciberseguridad-en-ot\\\/2024\\\/10\\\/22\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/base4sec.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/22_10x2.png\",\"datePublished\":\"2024-10-22T19:04:29+00:00\",\"dateModified\":\"2025-02-26T19:09:36+00:00\",\"description\":\"BASE4 Security, consultora de ciberseguridad con presencia en Argentina, Chile, Per\u00fa, Colombia, M\u00e9xico y Espa\u00f1a. Servicios de CyberSOC, Red Team, GRC y Zero Trust.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/base4sec.com\\\/en\\\/technical-en\\\/principios-de-ciberseguridad-en-ot\\\/2024\\\/10\\\/22\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/base4sec.com\\\/en\\\/technical-en\\\/principios-de-ciberseguridad-en-ot\\\/2024\\\/10\\\/22\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/base4sec.com\\\/en\\\/technical-en\\\/principios-de-ciberseguridad-en-ot\\\/2024\\\/10\\\/22\\\/#primaryimage\",\"url\":\"https:\\\/\\\/base4sec.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/22_10x2.png\",\"contentUrl\":\"https:\\\/\\\/base4sec.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/22_10x2.png\",\"width\":600,\"height\":600,\"caption\":\"R &amp; D + i Team\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/base4sec.com\\\/en\\\/technical-en\\\/principios-de-ciberseguridad-en-ot\\\/2024\\\/10\\\/22\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Inicio\",\"item\":\"https:\\\/\\\/base4sec.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Principles of Cybersecurity in OT\"}]},{\"@type\":\"WebSite\",\"@id\":\"\\\/#website\",\"url\":\"\\\/\",\"name\":\"BASE4 Security\",\"description\":\"Your cyber ally\",\"publisher\":{\"@id\":\"\\\/#organization\"},\"alternateName\":\"B4\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"\\\/#organization\",\"name\":\"BASE4 Security\",\"url\":\"\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/base4sec.com\\\/wp-content\\\/uploads\\\/2024\\\/10\\\/Logo_policromo_negativo.png\",\"contentUrl\":\"https:\\\/\\\/base4sec.com\\\/wp-content\\\/uploads\\\/2024\\\/10\\\/Logo_policromo_negativo.png\",\"width\":372,\"height\":227,\"caption\":\"BASE4 Security\"},\"image\":{\"@id\":\"\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/company\\\/base4-security\"],\"description\":\"BASE4 Security es una consultora de ciberseguridad B2B con prop\u00f3sito, fundada en Argentina y con operaciones en Argentina, Chile, Per\u00fa, Colombia, M\u00e9xico y Espa\u00f1a. Ofrece servicios de CyberSOC, Red Team, GRC, Identity Security, Cloud Security y Application Security para empresas en SOLA y NOLA.\",\"email\":\"info@base4sec.com\",\"telephone\":\"02262653623\",\"legalName\":\"BASE4 Security\",\"foundingDate\":\"2008-01-16\",\"numberOfEmployees\":{\"@type\":\"QuantitativeValue\",\"minValue\":\"51\",\"maxValue\":\"200\"}},{\"@type\":\"Person\",\"@id\":\"\\\/#\\\/schema\\\/person\\\/5905e7398728c03dbec3772861bd4f99\",\"name\":\"Base4 Security Research\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2fd8bd108b76c23a0df95f08c42f3f8653e30a2562d252777bc2a74096d212e4?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2fd8bd108b76c23a0df95f08c42f3f8653e30a2562d252777bc2a74096d212e4?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/2fd8bd108b76c23a0df95f08c42f3f8653e30a2562d252777bc2a74096d212e4?s=96&d=mm&r=g\",\"caption\":\"Base4 Security Research\"},\"url\":\"https:\\\/\\\/base4sec.com\\\/en\\\/author\\\/cliteplo\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Principles of Cybersecurity in OT - BASE4 Security","description":"BASE4 Security, consultora de ciberseguridad con presencia en Argentina, Chile, Per\u00fa, Colombia, M\u00e9xico y Espa\u00f1a. Servicios de CyberSOC, Red Team, GRC y Zero Trust.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/base4sec.com\/en\/technical-en\/principios-de-ciberseguridad-en-ot\/2024\/10\/22\/","og_locale":"en_US","og_type":"article","og_title":"Principles of Cybersecurity in OT","og_description":"An\u00e1lisis t\u00e9cnico y estrategia de ciberseguridad por el equipo de BASE4 Security. Insights sobre CyberSOC, Red Team, GRC y Zero Trust para LATAM y Espa\u00f1a.","og_url":"https:\/\/base4sec.com\/en\/technical-en\/principios-de-ciberseguridad-en-ot\/2024\/10\/22\/","og_site_name":"BASE4 Security","article_published_time":"2024-10-22T19:04:29+00:00","article_modified_time":"2025-02-26T19:09:36+00:00","og_image":[{"width":600,"height":600,"url":"https:\/\/base4sec.com\/wp-content\/uploads\/2025\/02\/22_10x2.png","type":"image\/png"}],"author":"Base4 Security Research","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Base4 Security Research","Est. reading time":"13 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/base4sec.com\/en\/technical-en\/principios-de-ciberseguridad-en-ot\/2024\/10\/22\/#article","isPartOf":{"@id":"https:\/\/base4sec.com\/en\/technical-en\/principios-de-ciberseguridad-en-ot\/2024\/10\/22\/"},"author":{"name":"Base4 Security Research","@id":"\/#\/schema\/person\/5905e7398728c03dbec3772861bd4f99"},"headline":"Principles of Cybersecurity in OT","datePublished":"2024-10-22T19:04:29+00:00","dateModified":"2025-02-26T19:09:36+00:00","mainEntityOfPage":{"@id":"https:\/\/base4sec.com\/en\/technical-en\/principios-de-ciberseguridad-en-ot\/2024\/10\/22\/"},"wordCount":2677,"commentCount":0,"publisher":{"@id":"\/#organization"},"image":{"@id":"https:\/\/base4sec.com\/en\/technical-en\/principios-de-ciberseguridad-en-ot\/2024\/10\/22\/#primaryimage"},"thumbnailUrl":"https:\/\/base4sec.com\/wp-content\/uploads\/2025\/02\/22_10x2.png","articleSection":["Technical"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/base4sec.com\/en\/technical-en\/principios-de-ciberseguridad-en-ot\/2024\/10\/22\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/base4sec.com\/en\/technical-en\/principios-de-ciberseguridad-en-ot\/2024\/10\/22\/","url":"https:\/\/base4sec.com\/en\/technical-en\/principios-de-ciberseguridad-en-ot\/2024\/10\/22\/","name":"Principles of Cybersecurity in OT - BASE4 Security","isPartOf":{"@id":"\/#website"},"primaryImageOfPage":{"@id":"https:\/\/base4sec.com\/en\/technical-en\/principios-de-ciberseguridad-en-ot\/2024\/10\/22\/#primaryimage"},"image":{"@id":"https:\/\/base4sec.com\/en\/technical-en\/principios-de-ciberseguridad-en-ot\/2024\/10\/22\/#primaryimage"},"thumbnailUrl":"https:\/\/base4sec.com\/wp-content\/uploads\/2025\/02\/22_10x2.png","datePublished":"2024-10-22T19:04:29+00:00","dateModified":"2025-02-26T19:09:36+00:00","description":"BASE4 Security, consultora de ciberseguridad con presencia en Argentina, Chile, Per\u00fa, Colombia, M\u00e9xico y Espa\u00f1a. Servicios de CyberSOC, Red Team, GRC y Zero Trust.","breadcrumb":{"@id":"https:\/\/base4sec.com\/en\/technical-en\/principios-de-ciberseguridad-en-ot\/2024\/10\/22\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/base4sec.com\/en\/technical-en\/principios-de-ciberseguridad-en-ot\/2024\/10\/22\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/base4sec.com\/en\/technical-en\/principios-de-ciberseguridad-en-ot\/2024\/10\/22\/#primaryimage","url":"https:\/\/base4sec.com\/wp-content\/uploads\/2025\/02\/22_10x2.png","contentUrl":"https:\/\/base4sec.com\/wp-content\/uploads\/2025\/02\/22_10x2.png","width":600,"height":600,"caption":"R &amp; D + i Team"},{"@type":"BreadcrumbList","@id":"https:\/\/base4sec.com\/en\/technical-en\/principios-de-ciberseguridad-en-ot\/2024\/10\/22\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Inicio","item":"https:\/\/base4sec.com\/en\/"},{"@type":"ListItem","position":2,"name":"Principles of Cybersecurity in OT"}]},{"@type":"WebSite","@id":"\/#website","url":"\/","name":"BASE4 Security","description":"Your cyber ally","publisher":{"@id":"\/#organization"},"alternateName":"B4","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"\/#organization","name":"BASE4 Security","url":"\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"\/#\/schema\/logo\/image\/","url":"https:\/\/base4sec.com\/wp-content\/uploads\/2024\/10\/Logo_policromo_negativo.png","contentUrl":"https:\/\/base4sec.com\/wp-content\/uploads\/2024\/10\/Logo_policromo_negativo.png","width":372,"height":227,"caption":"BASE4 Security"},"image":{"@id":"\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/base4-security"],"description":"BASE4 Security es una consultora de ciberseguridad B2B con prop\u00f3sito, fundada en Argentina y con operaciones en Argentina, Chile, Per\u00fa, Colombia, M\u00e9xico y Espa\u00f1a. Ofrece servicios de CyberSOC, Red Team, GRC, Identity Security, Cloud Security y Application Security para empresas en SOLA y NOLA.","email":"info@base4sec.com","telephone":"02262653623","legalName":"BASE4 Security","foundingDate":"2008-01-16","numberOfEmployees":{"@type":"QuantitativeValue","minValue":"51","maxValue":"200"}},{"@type":"Person","@id":"\/#\/schema\/person\/5905e7398728c03dbec3772861bd4f99","name":"Base4 Security Research","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/2fd8bd108b76c23a0df95f08c42f3f8653e30a2562d252777bc2a74096d212e4?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/2fd8bd108b76c23a0df95f08c42f3f8653e30a2562d252777bc2a74096d212e4?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/2fd8bd108b76c23a0df95f08c42f3f8653e30a2562d252777bc2a74096d212e4?s=96&d=mm&r=g","caption":"Base4 Security Research"},"url":"https:\/\/base4sec.com\/en\/author\/cliteplo\/"}]}},"jetpack_featured_media_url":"https:\/\/base4sec.com\/wp-content\/uploads\/2025\/02\/22_10x2.png","_links":{"self":[{"href":"https:\/\/base4sec.com\/en\/wp-json\/wp\/v2\/posts\/6689","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/base4sec.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/base4sec.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/base4sec.com\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/base4sec.com\/en\/wp-json\/wp\/v2\/comments?post=6689"}],"version-history":[{"count":3,"href":"https:\/\/base4sec.com\/en\/wp-json\/wp\/v2\/posts\/6689\/revisions"}],"predecessor-version":[{"id":6696,"href":"https:\/\/base4sec.com\/en\/wp-json\/wp\/v2\/posts\/6689\/revisions\/6696"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/base4sec.com\/en\/wp-json\/wp\/v2\/media\/6681"}],"wp:attachment":[{"href":"https:\/\/base4sec.com\/en\/wp-json\/wp\/v2\/media?parent=6689"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/base4sec.com\/en\/wp-json\/wp\/v2\/categories?post=6689"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/base4sec.com\/en\/wp-json\/wp\/v2\/tags?post=6689"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}