As a part of integrating cybersecurity into the daily operations of a plant it is important to ensure that your contractors are held responsible to the same standard of cybersecurity as your employees. This starts with ensuring cybersecurity language is included in your operations and maintenance contracts. Luckily, DHS has plenty of guidance on this matter.
It may take a while to negotiate these clauses into your existing contracts, but they should absolutely be a part of any new contracts going forward. This helps to protect your control systems from attacks that might otherwise come through your supply chain.
Contact us at OTCyber@ait-i.com for help holding your contractors responsible for OT Cybersecurity.