Manufacturing supply chains are vital to the development and fulfillment of any modern technology—they change rapidly and locations of suppliers change. This dynamic nature of the supply chain exposes enterprises to a wide variety of risks.
I would like the OT security community to move away from asking what can we do to gain greater adoption of a greenfield IT security model and instead ask how we can gain demonstrable gains in OT security posture more efficiently.
The NIST Cybersecurity Framework is a good first step towards creating a standardized approach to cyber security, but requires many substantial updates before really improving our nation’s cyber resilience.
The energy sector requires an approach to cybersecurity that doesn’t rely exclusively on air gaps or point-in-time detection tools but addresses the full attack continuum – before, during, and after an attack.
Critical infrastructure facilities are under constant attack, and continuously being probed for defensive weaknesses and access points. To complicate matters, facilities often don’t even recognize when they have been probed or if a weakness has been identified for future exploitation.
Malware targeting SCADA systems from Stuxnet and Flame to Duqu have already shown the vast amounts of knowledge that attackers have on these proprietary control systems and are now available to other attackers to leverage.
SCADA networks are the most unprotected networks of all and now cyber-criminals have them in their sights. If they get access, the consequences for many organizations, their customers and perhaps the population at large, could be extremely damaging.
We’ve all heard about the inherent vulnerabilities of SCADA and ICS systems, yet we continue to focus cyber security on the surrounding IT systems using these traditional IT tools. The solution requires a new security model that addresses the specific challenges of the industrial automated world.