Barak Perelman is CEO of Indegy, an industrial cyber-security firm that improves operational safety and reliability for industrial control networks by providing situational awareness and real-time security.
While pharmaceutical operations networks were once siloed, today their connection to IT and anywhere access has created an environment that threatens the integrity of drug formulation control systems.
The same cloud technology that has exposed OT networks to external threats is now providing an alternative for protecting organizations when the physical deployment of OT security equipment is not practical.
Since Building Management Systems (BMS) are integrated with and interconnected to both hardwired and cloud-based solutions, as well as third-party applications, their attack surface is large and getting larger.
Passive network security monitoring has its value for identifying certain indicators of compromise (IoC), but does not detect and mitigate all attacks or incidents on ICS networks.
Just as internet security was a relatively unknown concern 20 years ago, public awareness of threats to the electric grid, water supplies, etc. is mounting.
Concerns about endpoint security in industrial environments, especially among OT personnel, are being driven by the demise of the traditional air gapping of OT infrastructures.
For industrial organizations, establishing an infrastructure that provides visibility, security, and control, and is purpose-built for operational technologies (OT), is the clearest path to compliance.
Attacks targeting critical infrastructure sectors are not only deeper but also broader than originally thought. Most likely, Russia and others want to acquire a “Red Button” capability that can be used to shut down the power grid.
While TRITON is not the first malware to target industrial control systems (ICS), it does signal that operational networks, which have been largely immune to cyber threats, are now in the crosshairs of attackers.
Many systems that support industrial controllers are likely vulnerable to Spectre and Meltdown, which affect hardware running in the majority of the world’s computing devices.
2018 will present new and increasing industrial cyber security challenges for facilities operators, but new developments will help minimize those threats.
Organizations need specialized monitoring and control technologies for ICS networks that provide the deep, real-time visibility to identify suspicious or malicious activity.
If WannaCry had targeted industrial controllers, it would have been much more difficult to protect them and the damage would have been much more widespread.
It’s a generally known fact that most Industrial Control System (ICS) environments were not built with cyber security in mind because they were designed before the cyber threat existed.
Industrial organizations need early detection of suspicious activity like unauthorized network scans, attempts to read information from controllers and other unsanctioned control-plane activity.
While many companies are concerned about cyber threats to their operations, most do not understand the difference between data plane and control plane protocols.
Securing ICS networks is an extremely challenging task, as they lack many of the threat monitoring, detection, and response capabilities commonly found in IT infrastructures.
To protect against external threats, malicious insiders and human error, industrial organizations must monitor all activities - whether executed by an unknown source or a trusted insider.
The single biggest roadblock to ICS security today is the lack of visibility into and control over activity that is occurring at the control layer, namely access and changes made to industrial control devices.