S4: Open-Minded Security? Just Try

Wednesday, January 17, 2018 @ 07:01 AM gHale

By Gregory Hale
The enormity of security can often boggle the mind.

Just think about it for a moment: trying to get a grasp of what is going on over an entire network, while trying to fend off intentional and unintentional attacks, while trying to explain why you need more funding to get to a certain level of security, while trying to figure out when to install the latest patches. The list goes on. Mind boggling.

It would be easier sometimes to just shrug your shoulders, walk away, and learn to play the cello.

“You are not going to be able to do anything without trying,” said Dale Peterson, chief executive of Digital Bond, during his mini keynote Tuesday discussing the theme of “Try!?” at the S4x18 conference in Miami. “We can solve these problems. They are not impossible.”

He said it hasn’t always been that way. From the years 2001 to 2011, there was zero percent trying to service industrial control systems (ICS). From 2012 to 2014 there was an awakening, he said, with 1-3 percent coming to life and starting to secure ICS. Then from 2015 to 2018, 10 percent were thinking about and trying to secure ICS.

“It is finally happening. We are doing this. We should celebrate success,” Peterson said.

What scares him, though, is hearing about people not trying because of the degree of difficulty when it comes to deploying a solution or getting stuck in a rut of thinking there is only one way to do things and not applying new ideas and concepts to secure a manufacturing facility.

If security professionals were able to step back a little bit and compare what they are doing today with what they were doing three or five years ago, they would notice a big change, he said. One of the big changes is there is more consequence reduction occurring today than ever before.

Peterson has talked before about needing to look at things a bit differently and having new conversations about security. One of those areas is consequence reduction. The industry oftentimes focuses on likelihood, but manufacturers also need to look at consequence. The attackers in question are not hitting you at random; they are highly motivated and are conducting a very specific task, which could cause a big consequence.

Yes, change is happening and ICS security is moving forward.

“ICS moves slowly like a glacier,” Peterson said. “You have to be open to new ideas.”

Just try.
