IEI: Defender’s Approach to Security

Wednesday, October 12, 2016 @ 03:10 PM gHale

By Gregory Hale
Just because a hacker can get into a system, it does not mean you can’t defend against it.

“There is a lot we can do from a defensive standpoint,” said Bri Rolston, ICS security lead at Monsanto, during a Wednesday keynote at Belden’s IEI Design Seminar in Orlando, FL. “I am a defender. Yes, they can attack, and I can defend it. We want to anticipate what an attacker can do. We don’t want to do things in the usual way.”

Hackers can compromise the ICS space, but that does not mean they can control the process. They have to plan for and deliver two separate payloads: the attack payload and the physics payload that can control the process, Rolston said.

Rolston takes the approach that end users need to think differently about security: while they need to understand the mindset behind the hacker, they also need to control what they can control and not worry about what the hacker is doing.

From a defender’s perspective, they have to look at:
• Efficient attack path selection
• Anticipating attack strategies
• Threat analysis
• Response planning

“You have to think about the problem differently than you have ever done it before,” Rolston said.

Part of defending an ICS platform is understanding risk, and Rolston said that works in favor of ICS and OT teams since they deal with risk every day.

Risk, Rolston said, is about impact and reliability. A vulnerability found in the network is not a risk, but it is an impact, she said.

Rolston said there are three aspects to think about: one is what the hacker can control, and the rest is what the defender can control, such as what IT does and what ICS does.

“I can’t control them, so why would I worry about that? I need to know it and understand it, but I can’t control that,” she said. “I can control the attack surface exposure.”

Part of what the defender needs to do is line up the data points and understand the adversaries, the attack workflow and the technical threats, Rolston said.

What is interesting about hackers is that they are people who have issues similar to those of defenders. So if the defender can get into their mindset, defense just flows after that.

That means defenders do not have a limitless budget and resources, so they have to prioritize and spend their time and money in the right areas. “Once I know what they are learning, I know where they are going,” she said.