Cyber MOC (Management of Change) is a specialized process that integrates cybersecurity considerations into operational changes such as new equipment installations, software updates, or facility modifications. It ensures that changes involving connected technologies (like PLCs, IIoT devices, and network infrastructure) are assessed for potential cyber risks before implementation.
Traditional MOC frameworks focus primarily on physical safety. Cyber MOC fills the critical gap by addressing vulnerabilities introduced by digital and networked systems. This requires updating existing MOC tools and workflows to include cybersecurity-specific fields and redefining roles to include cyber risk accountability.
As infrastructure becomes more interconnected, adopting Cyber MOC is essential to proactively protect against security threats and ensure cyber risks are evaluated as a core part of any operational change.
Dave Gunter, OT Cybersecurity Director at Armexa, was recently published in Disaster Recovery Journal on the subject. In his article, he answers:
What Should a Cyber MOC Process Look Like?
- Cyber MOC ownership
- Risk assessment
- Risk identification and documentation
- Mitigation strategies
- Task assignment
- Independent review
- Training and documentation
When is a Cyber MOC Warranted?
- Technology changes
- Equipment changes
- Procedure changes
Beyond Compliance: Fostering a Culture of Security
Read the full article in Disaster Recovery Journal: Integrating Cybersecurity Into Change Management for Critical Infrastructure