The following is pulled from my recent contributed article with SecurityWeek...
In 2005, the breach of Card Systems (a major payment card processor), which exposed 40+ million credit cards, was labeled “The Biggest Hack of All Time” – the breach made worldwide news and the cover of Newsweek with a multipage article highlighting the dangerous new reality of cyberthreats. Fast forward to just last week with the announcement of the Equifax breach impacting 143 million individuals’ personally identifiable information, credit histories and card details and it should be apparent that nothing has gotten better in the world of IT security in the past 12 years. To the contrary, our ability to counter and combat threats has been nothing short of a failure.
Why reference these IT network breaches if my focus is on the industrial control systems (ICS) or operational technology (OT) networks that power critical infrastructure and run our global economy? I point to them as stark reminders to anyone thinking that the security of these networks is either “on par” (a horrible standard at best) or better than those of their IT counterparts. This could not be further from the truth. IT networks have been where “the bloodshed” has been for so long now that they’ve rightfully commanded the lion’s share of investment in new solutions, people and processes. Conversely, despite all the conversations related to how we must prepare against nightmare outcomes from breaches in the OT domain – as there (until recently) has been a lack of major threat activity in this space – there has been a dearth of funding and advancement.
For more, please read the original post on the pages of SecurityWeek here.