OT/ICS News Roundup Week of 3.6.17

Here are a few stories that turned our heads over the past few days: 



The Cyber Security Problem Everyone Has, But No One Wants to Deal With

In this article from Daryl Haegely (senior program manager assigned to the Office of the Assistant Secretary of Defense for Energy, Installations and Environment.) he higlights the immediate need for the C-suite to determine who is responsible for OT security - and get moving on it.

“When you think about the threats to your company’s cybersecurity, you probably think of malicious emails and spearphishing, hacks and data theft, ransomware, malware, spyware, and all the other kinds of -ware. Chances are, you’re not thinking about your thermostat. Or your electric meter. Or your garage door. But you should be.” 

Our Take: Haegely lays out a compelling case for C-suite personnel to start asking the right questions related to OT/ICS security. He points to a fact that may be lost on many - this is EVERYONE's problem - and the number of IT systems in a corporate network are likely dwarfed by the number of OT systems...yet OT security takes a back seat. It can no longer be this way - the time has come to get serious and make dramatic changes related to OT security practices.

ARTICLE HERE 

ROGERS: Why Data is Critical Infrastructure: 

 “"We tended to view historically critical infrastructure as something associated with an output: air traffic, pipelines, the financial world," he said. We didn’t ask ourselves about “information, data and fundamental processes like the ability to ensure a high confidence that in a western democracy the electoral outcome is actually reflective of the majority of our citizens -- which is at the heart of the democratic model.".”

Our Take: This has a lot of similarity to last week's story on States pushing back on DHS attempts to designate Elections as critical infrastructure...so we'll borrow from our analysis there. We won't weigh in on the politics of it all - our thoughts are simple and brief. The state of security readiness across all critical infrastructure domains is so poor at current that we should prioritize rapid investment and harness the strength of public and private sector partnerships to fix those problems immediately. Once we've made sure we can protect water, transportation, oil and gas, energy, et al...then let's take on another. All that said, no question - threats to election processes are real and growing and there is ample reason to be concerned here. 

ARTICLE HERE 

Watson Turns IBM Into a Serious Contender in the Industrial IOT Market:

"SNCF, the French railway operator, which transports over 13.5 million passengers every day, is committed to using IBM Watson. This effort involves thousands of sensors which SNCF is deploying on its trains, covering more than 30,000 kilometers of track, 15,000 trains, and 3,000 stations. Each of these sensors will ingest tens of thousands of data points to the IBM Watson IoT Platform where the data is analyzed in real-time. Through this integration, SNCF can remotely monitor train doors for potential failures, air conditioning, windshield water levels and oil temperatures."

Our Take: The world is buzzing about IOT - it is good to see the discussion heating up around "Industrial IOT" <---- distinctly different things that are often conflated. This is an interesting development - as any major industrial network operator will tell you, the amount of information to monitor, process, analyze and report on is mind boggling...good to see the power of Watson being brought to bear.

ARTICLE HERE