Complex Security Should be Easy

Wednesday, February 18, 2015 @ 03:02 PM gHale

By Gregory Hale
A new wave of security awareness is hitting the industry.

Security continues its rise throughout the manufacturing automation industry and there was no better evidence of that when the ARC Advisory Group and Kaspersky Lab devoted a good chunk of their conferences these past few weeks to that very topic. Yes, Kaspersky is a security company, but its main focus has always been purely on IT, but they devoted one day to industrial control system security. ARC covers the entire industry and of all the important topics it had to cover, it truly devoted a ton of time to the burgeoning topic.

SAS: Security for Accelerator
SAS: Security a ‘Workable Problem’
SAS: Intricate Attacks on Banks
DDoS Attack Costs on Rise
Security a Differentiator for Users

The question leaders at manufacturers across the industry should be asking is if these organizations devote some much time, energy and funding to cover the subject, what do they know that we don’t?

Chet Mroz, chief executive of Yokogawa North America gets it. He talked at the ARC Advisory Group’s ARC Industry Forum 2015 in Orlando, FL, last week about the importance of security as his company is teaming up with Cisco and Shell to implement a standardized security platform at 50 Shell facilities over the next three years.

Peter Holicki, vice president at Dow Chemical discussed at the ARC form during his keynote address about the importance of security. “The biggest issue we are facing today is cyber security,” he said.

That also led into another ARC keynote by Gregory Touhill, Air Force Brig Gen (ret), CISSP and Deputy Assistant Secretary for Cybersecurity Operations and Programs at the Department of Homeland Security.

“Cyber security is misunderstood by many folks,” he said. “People think it is a technology issue. I say it is a risk management issue for companies and individuals. Risk management is something we all need to look at as we conduct business on a daily basis.”

“As we look at industrial control systems, they are not designed with security in mind,” he said. “They are old and security is bolted on. Sometimes we find owners and operators have decided to take the risk and not pay for security. As we go out into the sector, we have to bake in security.”

Security is hard, no one will deny that, but what is even harder is recovering from an incident where vital data ended up lost or stolen from an attack either through an outside entity or an insider.

One of the security issues that always slams the door shut is the complexity of a solution.

Dan Kaminsky, with Doxpara Research, said during his session at the Kaspersky Security Analyst Summit 2015 (SAS) in Cancun, Mexico, talked about the seemingly divergent thoughts behind security.

At one level, “basic security strategies are not enough,” he said. But on the other hand, “we need to make security easy.”

That thought and process has to start moving forward now. The industry needs security, but it also needs an easy way to implement a program that will keep a system up and running and producing product.

Will it be easy? No. But with the increase in awareness coupled with the understanding companies need to do something about the situation, means the time is right to bring in a program and train everyone on its ease of use so you can protect the crown jewels.

Security touches every part of every company. It has to be at the top of mind for every worker, much like safety is today. Everyone has a stake in security.

Talk to me.

Leave a Reply

You must be logged in to post a comment.