Measuring OT Cybersecurity Protection Effectiveness: Return on Mitigation

Determining a Return on Investment (ROI) from buying solutions in cybersecurity is always difficult for CISOs and OT security teams. In the past two blogs, I talked about Desired Outcomes, the MITRE ATT&CK Matrix, and the potential cost of an attack. 

If you purchase a security system for your home or business, you are buying peace of mind because you believe you have something worth protecting. You own something that you do not want someone else to have. The same tenet applies to OT networks. Your OT network is valuable because of the product it produces, transports, or delivers to customers/consumers. You want to protect it because the cost of protecting is is less than the cost if it is hacked (as we discussed in the last blog).

If we take the MITRE ICS Matrix, how can we eliminate some of the highest risk and most intrusive tactics and measure that impact? In Microsoft’s Digital Defense Report, one metric mentioned is a return on mitigation (ROM) metric that determines the return on investment in cybersecurity deployments. Generally speaking, the lower the resources and effort involved, the higher the ROM (For more details on the methodology, go to Page 41 of the report). Applying the highest ROM items to your OT network improves your cybersecurity. 

This chart aligns with the critical component of any Cybersecurity Framework - protecting the network to remove or reduce risk. Removing as many significant or entire classes of risk as possible will drastically reduce the danger to your OT network. The highest ROM items are listed below, so we can consider these as we analyze protection needs as part of the Zero Trust Framework.

Notice that many of the biggest ROM areas fall into Initial Access, Discovery, and Lateral Movement BTW.

Interested to learn more? This week we released our whitepaper Desired Outcomes for OT Cybersecuity Investments, get it here today!