I attended the S4 ICS Security conference in Miami last week and really enjoyed the different perspectives and priorities people have for securing control systems. Many vendors and end users were in attendance, and it was a great forum to exchange ideas. Hats off to Digital Bond for creating an event that provides such a collaborative environment.
Below are some of the key messages I took from the presentations and hallway conversations:
- Dale Peterson opened the session, which contained two themes that resonated with me. First is that ICS cybersecurity is a multi-disciplined process that requires expertise from both traditional process control as well as IT security; we have been observing the same at our customers. The second is that the board of directors and C-level are willing to invest in ICS cybersecurity, but a different approach is needed to secure these funds – a good business case that articulates business value for operational and cybersecurity personnel alike and that details real risk reduction over a summary of “functions and features.”
Customers are still challenged with the myriad of solutions available for ICS cybersecurity, and determining where best to spend their security dollars. In such a market, consolidation of vendors and solutions is inevitable. When evaluating technology solutions, companies should consider business risk as part of their selection criteria.
There are a number of companies emerging that are using DPI (Deep Packet Inspection) to provide end-owner operators with insights to their control systems. While DPI is likely to emerge as an important tool for detecting anomalous behavior on control system networks, the trend within large industrial process companies is gathering additional data - not available from network traffic monitoring – to feed their baseline and configuration management programs.
Conferences such as S4 are great opportunities to advance the conversation on ICS cybersecurity. We are thrilled to participate in the discussions and lend the perspective we’ve gained with many of the top refining, chemical, and power generation companies as customers.