OT/ICS News Roundup - Week of 2.27.17

Here are a few stories that turned our heads over the past few days: 

Cybersecurity of the Power Grid a Growing Challenge

 “Until 2015, the threat was hypothetical. But now we know cyber attacks can penetrate electricity grid control networks, shutting down power to large numbers of people. It happened in Ukraine in 2015 and again in 2016, and it could happen here in the U.S., too.” 

Our Take: AMEN. The writing has been all over this wall for far too long...and we cannot afford to give this lip service any longer. Red-lines have disappeared - the threat is looming. This is the challenge of the next 10 years in infosec - and hopefully we wake to it before the threats manifest themselves in large numbers. Once they do, the effects will be immediate and will reverberate through our economies. 


States resist Critical Infrastructure designation for election systems: 

 “The National Association of Secretaries of State voted on Feb. 18 to oppose the Department of Homeland Security's late January designation of state election systems as federally protected "critical infrastructure." The designation puts election systems on similar footing as systems in the energy and financial services sectors.”

Our Take: We won't weigh in on the politics of it all - our thoughts are simple and brief. The state of security readiness across all critical infrastructure domains is so poor at current that we should prioritize rapid investment and harness the strength of public and private sector partnerships to fix those problems immediately. Once we've made sure we can protect water, transportation, oil and gas, energy, et al...then let's take on another. All that said, no question - threats to election processes are real and growing and there is ample reason to be concerned here.


ARC Advisory Group releases new market research for Industrial Cybersecurity Management solutions:

"ARC Advisory Group has just completed fresh market analysis research on Industrial Cybersecurity Management Solutions.  ARC’s Industrial Cybersecurity Management Solutions Market Research report provides a concise analysis of the industrial cybersecurity management solution market.  It includes quantitative information on market size and growth across various regions, industries, and product categories.  It also includes qualitative discussions of market drivers/inhibitors and the positioning of the many suppliers offering cybersecurity management solutions for industrial plants and facilities."

Our Take: The market for OT/ICS security is finally heating up - from security vendors, to OT/ICS vendors, to practioners - an awakening is occurring. The status quo is abysmal in this space, time to shake off the status quo and drive real innovation.