The Claroty Blog

The Year to Come in ICS/Critical Infrastructure Security

| Galina Antova

Below is an excerpt from my most recent article in SecurityWeek outlining my views on what we will see in 2018 related to Critical Infrastructure/Industrial Control Systems cybersecurity. I invite you to have a read below/read the full thoughts in SecurityWeek and to drop me a line if you'd like to discuss.


In my previous column, I outlined a series of high-level, prescriptive steps for organizations to follow to better the security posture of their Industrial Control Systems (ICS) networks. Hopefully, you found that helpful to moving the needle forward and are putting some of those steps in place. I promised in that column that we’d address a series of technical recommendations as the next in our series. We have to hold those thoughts for the January edition. Rest assured, that piece will come along into the New Year (I’m giving you something to look forward to!) 

Here, I wanted to address some of my thoughts about what the New Year will hold for Industrial Control Systems/Critical Infrastructure cybersecurity. It is “Security Prediction Season” after all and I’d be remiss not to offer my thoughts. Below I’ve outlined a few things I think that will definitely manifest – some are bad, some offer more promise for placing us on a path to combatting an adversarial scourge which is growing in this absolutely critical area. 

Nation-States will Conduct More Probing of Critical Infrastructure: 

I think that Pandora is out of her box as it relates to nation-state threat activity against critical my full thoughts here.

Ransomware will Again Spill Over- it MAY be Targeted and Disruption will Rear its Head Again: 

The most significant cyber events in 2017 related to ICS networks came in the form of collateral damage. We warned in April of ’17 that ransomware was coming for the shop-floor. In May and June, we saw those warnings turn into my full thoughts here.

Boards Will Demand Insights and Finally Empower Action 

On the back of the reported losses from NotPetya, we have already seen what looks to be the beginning of a major sea-change with respect to the level of concern Boards of Directors are placing on securing ICS my full thoughts here.

The Ugly Truth Behind Readiness Will be Revealed 

Given increased focus on ICS security readiness, I anticipate an audible collective gasp as organizations come to the stark realization that they are nowhere near as ready to combat threats to their ICS networks as they once my full thoughts here.


Am I a soothsayer? No – but I have been in this space long enough to confidently make these statements about the year ahead. I’m keeping my fingers crossed that the bad will not manifest the way I predict – and that the good will manifest faster than we are even seeing. 

There is no more important mission in cybersecurity – in my mind – than securing the Industrial Control Systems networks that power our world and our lives. I leave you with hopes for a happy and healthy holiday season – and for the empowerment you need to fight the good fight into 2018.  

Subscribe to the Blog