Hi All
When will organisations wake up to the fact that critical infrastructure must be protected at all costs, especially if it is interconnected to systems which affect human lives?
https://thehackernews.com/2022/11/your-ot-is-no-longer-isolated-act-fast.html
Regards
Caute_Cautim
So having worked in that environment for years, I watched the environment change from being air gapped, to being fully connected. And things started to change dramatically.
Some of the things that can be done are firewalling... although not the end of the story.
We need to train both Security and Audit folks on the risks/threats to these systems. There is training from SANS (have not taken it, but I hear it is quite good). Another spot that does offer some assistance with ICS Security is the INL (however, spots are limited and usually are booked months in advance (typically being booked by US firms)).
We, as Security folks, know well how to protect our IT systems but not necessarily how to change the protections for OT. Some things that can help: disable ports. Why not disable some of the well-known ports (0 to 1023) on OT systems? Do you really need port 25 open? Or port 18 or port 79? I recommend that folks spend the time and look at the ports that are open and shut down unused or unnecessary ports.
If you are in OT, ask the folks in IT to help do a proper Risk Assessment. Once you have that in hand, you will have some of the information that you need to convince Management to spend the money.
We are starting to see conferences focused simply on OT security. Try to attend one.
Work with the folks in IT to handle things like Patching and Anti-virus. Anti-virus (at least a good one) can be configured to exclude specified directories. Schedule patching during planned system outages. Common vulnerabilities cited across five NIST Cybersecurity Framework categories can often lead to preventable breaches. For example, only 33% employ effective OT patch management today.
This is not meant to be inclusive; one could write a book on this subject and still not cover all the bases. Please do not read this as "if I do all this, I am protected."
My nickel
d
d
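One way to run the port review suggested in the reply above, as an added example that is not part of the original post: it parses `ss -H -tuln` style output and reports listeners on well-known ports (0 to 1023) that are not on an approved list. The sample output and the allowlist (SSH, Modbus/TCP on 502, NTP) are constructed for illustration.

```python
# Added example: flag listeners on well-known ports (0-1023) that are not
# approved. SAMPLE_SS and ALLOWED are constructed, not taken from the thread.
WELL_KNOWN_MAX = 1023

# Constructed sample in the column layout of `ss -H -tuln`.
SAMPLE_SS = """\
tcp   LISTEN 0      128        0.0.0.0:22       0.0.0.0:*
tcp   LISTEN 0      100      127.0.0.1:25       0.0.0.0:*
tcp   LISTEN 0      5             [::]:79          [::]:*
udp   UNCONN 0      0          0.0.0.0:123      0.0.0.0:*
tcp   LISTEN 0      128        0.0.0.0:502      0.0.0.0:*
tcp   LISTEN 0      128        0.0.0.0:44818    0.0.0.0:*
"""

# Assumed allowlist of (protocol, port) pairs the site has justified.
ALLOWED = {("tcp", 22), ("tcp", 502), ("udp", 123)}

def parse_listeners(ss_output):
    """Return (proto, local_addr, port) for each tcp/udp listener line."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        # Split on the last colon so IPv6 ([::]:79) and scoped
        # addresses (127.0.0.53%lo:53) keep their address part intact.
        addr, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue
        listeners.append((fields[0], addr.strip("[]"), int(port)))
    return listeners

def is_loopback(addr):
    return addr.startswith("127.") or addr == "::1"

def audit(ss_output, allowed):
    """Return sorted findings for unapproved well-known-port listeners."""
    findings = []
    for proto, addr, port in parse_listeners(ss_output):
        if port > WELL_KNOWN_MAX or (proto, port) in allowed:
            continue
        exposure = "loopback-only" if is_loopback(addr) else "network-reachable"
        findings.append((port, proto, addr, exposure))
    return sorted(findings)

if __name__ == "__main__":
    for port, proto, addr, exposure in audit(SAMPLE_SS, ALLOWED):
        print(f"{proto}/{port} on {addr}: not approved ({exposure})")
```

The exposure column separates services bound only to loopback from those reachable over the network, which helps order the shutdown work; ports above 1023 are out of scope for this check and need their own review.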
After posting my reply to this one, I received this file.
Part of it is a sales pitch, their offering does look interesting.
@dcontesti A timely reminder and lessons learnt:
https://www.helpnetsecurity.com/2021/10/29/ot-security-lessons/
Regards
Caute_Cautim
Here's a writing tip, useful in the forum and in all writing:
EVERY time you use an acronym, clearly identify it on first use.
Also, remember, infosec/cybersec is a cross-domain and multidiscipline field. Not everyone has the same baseline knowledge and life experience. Further, this forum is open to folks who think they want to become infosec professionals.
Old Testament
Operating Thetan
Overtime
Off topic
Oxygenated Treatment
Occupational Therapy/ist
Offensive Tackle
Oxytocin
Thanks Craig for the reminder. I worked in Operating Technology (OT) for so long that I sometimes forget.
d