Ensuring Resilience in OT: Key Takeaways from Saltanat Mashirova’s Insights on Disaster Recovery

In episode #32 of the ICS Arabia Podcast , special and first female guest Saltanat Mashirova an OT security expert and Product Management Lead at Honeywell, shared valuable insights into the critical topic of disaster recovery in operational technology (OT). With a background in cybersecurity within the oil and gas sector, Saltanat expertise sheds light on the importance of resilience in today's increasingly interconnected industrial landscape.

1. The Importance of Resilience:

Saltanat highlighted how the Colonial Pipeline attack in 2021 ignited a global conversation about resilience in OT systems. This incident led to the introduction of mandatory business continuity plans across various sectors. Saltanat noted that her experiences in cyber-physical risk assessment inspired her to develop a comprehensive disaster recovery framework, which she plans to publish in an upcoming white paper (looking forward to this white paper)

2. Key Objectives of OT Disaster Recovery

The main objectives of disaster recovery in OT include:

• Effective Crisis Response: Preparing personnel to handle crises efficiently.
• Organized Management: Managing disasters systematically to minimize impact.
• Clear Communication: Establishing a crisis communication plan to ensure all stakeholders are informed.

Saltanat emphasized the confusion that often arises around the relationship between business continuity management(BCM) plans and disaster recovery plans. She clarified that BCM serves as an umbrella for various plans, including crisis communication, incident response, and information system contingency plans

3. Key Elements of Disaster Recovery:

Mashirova explains that disaster recovery in OT hinges on two main pillars: a structured Recovery Strategy and an organized Recovery Process. These foundational elements work in tandem to support a rapid and reliable response when incidents occur

3.1 Recovery Strategy:

• Identification of loss scenarios that will impact the recovery process
• Determination of the optimal recovery sequence for each of the identified scenarios to achieve successful reconstruction

3.2 Recovery Process:

• Recovery and Restoration Procedures: Essential steps to prevent disorganized and confused responses to incidents and ensure an organized and effective recovery process
• Roles and Responsibilities: Clearly defined roles and responsibilities for the recovery team
• Reconstitution: Ensuring the integrity and operability of the recovered systems
• Recovery Test: Validating the effectiveness of the recovery process

Also Saltant highlights other important aspects of the recovery process, such as loss scenarios, recovery sequence, priority, dependency, and training.

4. Essential Metrics: MTD, RTO, and RPO:

To support effective recovery planning, Mashirova highlights three essential metrics:

• Maximum Tolerable Downtime (MTD) - The total amount of time the business is willing to accept for a production (sub)process outage or disruption.
• Recovery Time Objective (RTO) - The maximum amount of time a system resource can remain unavailable before there is an unacceptable impact on other system resources/components and supported automation processes, denoted by the MTD.
• Recovery Point Objective (RPO) - The point in time, prior to a system outage/disruption, to which mission/business data can be recovered after an outage. Unlike RTO, RPO is not considered part of the MTD.

5. Comprehensive Approach to OT Disaster Recovery:

Mashirova’s framework advocates a structured, proactive approach that emphasizes both planning and ongoing validation. Her insights reveal that a resilient disaster recovery plan integrates process safety protocols, anticipates loss scenarios, and ensures clear recovery priorities. This approach is especially vital in OT environments, where interdependencies across systems make a rapid, organized response essential to prevent extended disruptions.

6. Preparing for the Future:

In closing, Saltanat highlighted the growing importance of diversity in the cybersecurity workforce, particularly in OT. With women currently making up only 10% of the OT cybersecurity field, she emphasized the need for inclusive hiring practices to foster innovation and problem-solving.

The conversation concluded with an acknowledgment of the challenges faced by women entering this field, as well as the lack of training programs specifically tailored to cybersecurity in OT. Salan advocated for improved training quality and resources to better equip professionals in this critical area.

7. Conculsion:

The insights shared by Saltanat Mashirova in this podcast episode underline the urgent need for robust disaster recovery frameworks in operational technology. As industries continue to digitize and connect, ensuring the resilience of OT systems is paramount for safeguarding operations and minimizing risk.

For more insights, be sure to check out the full discussion on the ICS Arabia podcast!