I was lucky to read the Lessons Learned: Protecting Critical Infrastructure from Cyber Attacks ahead of its release. This is the third of a 4-part eBook series where OT security experts share their insights. One thing struck me: The reality and magnitude of ICS cyber threats are forcing changes in the way we learn our industry lessons. Cyber threats no longer revolve around intellectual property only - we now have human life at risk. Threats have evolved to the point where cyber becomes physical (the production level at the plant).
We must recognize that threats can be external as well as internal to the plant. A well-intentioned engineer can inadvertently make a change to the control system that causes a cyber incident—the result would be the same if an external hacker intentionally did this. To add even more complexity, not only do we have to contend with internal and external threats, we must also manage known and unknown cyber threats (and a combination of all the above). A known threat could be a rootkit, RAS, or a vulnerability published by ICS-CERT. An unknown threat can be… just about anything. We do not know what we do not know, and at first this can and should feel scary.
To take it one step further, there are also network and endpoint threats—two very different “beasts” to manage. One revolves around protecting “the wire” from anomalous activity, while the other revolves around protecting the configuration of devices. This configuration is typically buried deep within those proprietary assets, and it is almost “mission impossible” to understand it or to have visibility into any changes made to it. Remember, these changes can be made internally or externally.
It is a complex world out there today and we face a solid set of challenges to operate our plants safely. Historically, industry has learned lessons the way people learn lessons—through our own mistakes. Up until recent times, that paradigm could almost be justified as a solid mechanism for learning. However, with the new landscape of industrial cybersecurity the stakes are much higher and we cannot afford to learn through our own mistakes. We are in a place where we MUST learn from others as quickly as we can to maximize our levels of protection. This latest eBook is an opportunity for you to learn from peers in the industry.
Interested in hearing more? Register for the webinar this Tuesday, October 30, where I will discuss in-depth key takeaways and lessons learned from the insights provided in the eBook.
Read Lessons Learned: Protecting Critical Infrastructure from Cyber Attacks and at the end of the webinar you’ll have an opportunity to share your own insights and ask questions.