By Gregory Hale
Security in the industrial control environment has come a long way, there is no doubt, but the reality is with all the awareness, all the technology advances, all the attacks, the industry is just beginning.
“You have made progress since 2015, said Dale Peterson, founder and chief executive of Digital Bond and founder of ICS-related S4 conference during his keynote address Monday at the S4x19 conference in Miami. “We are 18 years from 9/11 and you would like to think we are at the summit, but in 2019 we are just starting our journey.”
While it may seem like progress is slow, and industry users and vendors have been slow to move forward in adapting and adopting technologies and new practices, Peterson looks at the evolving ICS environment a bit differently.
“Success will come in a way different than you will expect,” he said. “We are at the beginning. We have come through security by obscurity and denial, where people would say this will never happen to us.”
This new year follows up on what Peterson called “2018 was the year of cyber hygiene.”
That was where asset owners were testing systems to meet cyber hygiene standards.
The issue, Peterson said, is end users are “having a hard time implementing cyber hygiene.”
While they are trying to clean up systems and make them run more efficiently, attacks are still ongoing.
“We are falling behind.,” he said “Attacks are increasing. (Attackers) know to go after safety systems to cause events.”
That part of the equation is relatively new, but Peterson asked, “What happens when criminals figure out how to make money? That is when it will really take off. This is all occurring faster, and we are falling behind.”
Just trying to get a grasp of what is going on over an entire network that is increasing its connectivity, while also fending off intentional and unintentional attacks from insiders or nation states, while also asking for more funding to get to a certain level of security, while trying to figure out when to install the latest patches, it is easy to flail away doing the same thing and using the same approach. That all may work, but in the end, it will start to consume security professionals.
“That is why we have to have a new way to do (security),” Peterson said. “We need to ask better questions.”