The subject of industrial cybersecurity has been a topic of considerable interest for well over a decade, particularly with respect to the potential implications for the protection of critical infrastructure. Standards exist at the industry, national and international level, but these are often of little practical use to the typical asset owner without additional professional guidance. Several groups and organizations have stepped forward to provide such guidance, often directed at a specific industry sector. To a considerable degree, these guides and similar documents then restate or reinterpret the same or similar principles, without adding much in the way of new or fresh insight.
The result of all of this interest and activity is that we are faced with a tremendous amount of information; so much that the quantity itself can become a significant impediment for those trying to address specific challenges related to industrial cybersecurity. A quick Internet search on the subject can result in literally thousands of references, leading to considerable confusion.
Even with all of this information, there are still reports that not enough is being done to address the evolving risks to these systems. Perhaps we could describe our situation by paraphrasing a famous quotation:
– Charles Dudley Warner
How can we explain this apparent dichotomy? In 2016, MESA formed a Cybersecurity Working Group to investigate the topic of industrial cybersecurity and produce materials in this area that are valuable to the membership to try and clear up the confusion.
Myth – We are An Unlikely Target
The Colonial Pipeline, Iranian Centrifuges, large financial companies and large companies in general, big cities – these are the notable targets of cyber attackers. Seen within this context, it is easy to assume that your company is an unlikely target for a cyberattack and therefore, does not need to be stringent about protecting your manufacturing systems. Let us explode this myth.
Cybersecurity Myths - We Are Disconnected
You may think your manufacturing systems or industrial control systems are similarly “disconnected.” However, you may not be aware of the number of factors working against your assumption that can make it essentially moot. After all, as I am proof, it only takes one time.
MESA White Paper # 61: Industry Cybersecurity, Improving Our Response
The industrial cybersecurity market is facing rapid changes as more threats are discovered, more impact is felt by end users, ICS attack tools become readily available and cybersecurity vendors vie for leadership. This paper highlights both alerts and advice for end users of automation and control systems (ICS/OT/IACS/SCADA) and selected advisory notes for practitioners of industrial cyber-physical security.
Cybersecurity in Manufacturing: What? Why? How? And How Much?
In your day-to-day routine, how focused are you on topics of cybersecurity? Do you follow exploits published by SANS, ICS-CERT, etc and relish in unique 0-Day findings? Or, do you passively hear of hacks on the news and think, “I’m glad that wasn’t my company!” For most of us, the answer would be the latter. However, the scale of attacks on the manufacturing sector and proportional loss to businesses in recent years has demonstrated the necessity of secure integrated control systems.
WannaCry Ransomware Cryptoworm: What It Means To The Industrial World
For Solutions Providers and those in Manufacturing and Critical Industry sectors, the biggest risk is generally not our base laptops – or surfing the web (although this is frequently the entry point), but un-patched and unsupported production systems and our development Virtual Machines (VMs) scattered across various storage devices.