At this point, I’ve written a number of times (in SecurityWeek and on our own blog) about the increasing threat to the security of Industrial Control Systems (ICS) and Critical Infrastructure networks. I’ve pointed to a changing threat landscape and to inherent flaws and systemic security risks within these networks that make them difficult to protect. I’ve presented a thesis that we’ve lost a decade worth of security advancement while waiting for threats to manifest, and suggested that 2017 has shown us that the nightmare scenarios we’ve discussed may be right over the horizon.
In the spirit of taking concrete steps - I thought I’d use this opportunity to outline a few prescriptive steps that can be followed to do something about the state of security in your own ICS network environment. Below is a high-level - for the details, you'll have to go check the article out at SecurityWeek.
1. Acknowledge the threat and communicate it LOUDLY across your organization
2. Stand up a project NOW – this year – to improve security for your ICS network as early as possible into 2018
3. Talk to your suppliers, your peers and industry analysts about where you should be focusing
4. Tackle the biggest issues first
At Claroty - we're focused on one mission - driving innovation in ICS/critical infrastructure security before our adversaries turn nightmare scenarios into reality. I hope you'll read the full SecurityWeek article - and all of the articles we've published to this point. I think you'll find them provocative, informative and helpful to your critically important work.
We're trying to sound the alarm and offer substantive support to help your organization counter the evolving threat.