Digital attacks are a top concern for Industrial Control System (ICS) security professionals. In a survey conducted by Dimensional Research, 88 percent of these personnel told Tripwire that they were concerned about the threat of a digital attack. An even greater percentage (93 percent) attributed their concerns to the possibility of an attack producing a shutdown or downtime. Other survey respondents expressed their worry over the quality of production and data exfiltration at 86 percent and 81 percent, respectively.
Clearly, many ICS personnel are worried about the security of their operational technology (OT). That’s especially the case for organizations that are welcoming OT environments into their folds for the first time. In those organizations, the pressure is on for the CISO to extend the organization’s digital security strategy across all of its new industrial assets.
But how does the CISO provide this type of leadership in the face of securing these increasingly complex environments? How can they keep track of their security responsibilities as they expand beyond the enterprise and into industrial environments?
Negotiating Technological Differences and Legacy ICS Equipment
Divij Agarwal, senior product manager at Belden Inc., notes that this process begins by recognizing the advent of the IIoT and IT-OT convergence, in which the IT (Enterprise) and OT (Industrial) networks are coming together. As part of that convergence, many industrial networks—especially those in the areas of smart grids, smart factories and smart buildings—are using a great deal of new next-gen industrial equipment. But most are still composed of legacy devices, equipment and networking gear.
According to Agarwal, this state of affairs has everything to do with preserving the availability of those technologies found in OT environments:
That is to say, CISOs need to realize that industrial equipment is different from the types of devices found in IT networks. Agarwal points