By Gregory Hale
Here we sit in this age of misdirection where an outlandish set of noise is set off in one direction while the real operation is working somewhere else. It is a classic diversionary tactic.
While that could refer to a tweet storm sent out by President Donald Trump talking about one minor thing and blowing it way out of proportion so other political moves are put in place or it could be about a team of attackers going after a critical infrastructure facility anywhere across the globe.
Either way, manufacturing automation professionals, whether they are engineers, operators, executives, safety or security experts, need to remain focused on what needs to be done, which is keeping plants safe, secure and profitable.
To get to that point when a manufacturer conducts a gap analysis, do we have the correct competence in place? Do we understand what can go wrong? How can we treat any deficiencies in an effective manner? Do we even know what we have?
Along those lines, can any one company answer those questions in an effective way?
Obviously, the answers only lie within an individual company, but it would be safe to say most companies cannot satisfactorily answer those questions.
On the other hand, companies will soon need to be able to answer those questions as one study found the average cost of experiencing an attack globally is on the rise, with breaches now amounting to $1.23 million on average for enterprises and $120,000 on average for SMBs.
Another study found companies are not investing in application security measures until after breaches occur, resulting in loss of productivity, customer trust and revenue, but at the same time they need more visibility into what is truly happening.
And when it comes to security, another study said users are making strides when it comes to intrusion and detection, but they will have to step up their games because there is also a hike in sophistication in malware obfuscation, social engineering tactics, and advanced persistent threats, a new study found.
So, to sum up those studies, breach costs are going up, users are not investing in security measures until after they are attacked and they are not ready for a more sophisticated form of assault. Hmmm, that does sound ominous.
But is it?
It is easy to get caught up in the daily grind of security and lose focus, but keep in mind, the industry is so far ahead of where it was 5 years ago; even two years ago.
There are more people aware and having the security discussion today than in the past. Much of it has to do with the everyday assault cybersecurity has on everybody’s lives, from data breaches, to credit card theft all the way to phishing attempts on a home computer. Much also has to do with attacks within the industry like the two on the Ukraine power grid, or even a gas plant safety system in Saudi Arabia. Those types of attacks are truly garnering the attention of executives across the board where security is becoming more mainstream.
Even looking at those attacks, they had aspects of diversionary tactics.
The Ukraine assaults seemed more like the attacker was just trying to see how far they can go.
The safety system attack in Saudi Arabia, while the attacker made a mistake which caused the safety system to shut down the facility, the real attack was when the attackers owned both the safety system and the DCS. They were going to go after the DCS to cause damage, but no one really knows right now what that attack was going to entail.
The idea here is not to get caught up in the hype, not to fall for one diversion and leave other areas insecure or unsafe.
The goal here is to remain focused, steady, safe and secure.