As Operational Technology (OT) environments become increasingly interconnected and smarter, organizations face significant digital transformation challenges. The business demand for the raw data and information produced by OT systems is growing exponentially, both from an internal and an external perspective. As the demand for data has increased, so has the volume of cyber-attacks specifically aimed at OT systems. Cyber-attacks are becoming more advanced and have the potential to impact a number of aspects of a company’s business including safety, health and environment, production operations, information integrity, financial performance and reputation.
For a company looking to harden its OT environment, identifying where to begin can often be a confusing and difficult process. Before embarking on an OT hardening project, for example by either implementing costly technical solutions or introducing new OT-specific policies and procedures, leaders need to take a step back and ask themselves if they understand, or have thought about, the “BASICs” of OT.
In this session, Leidos Cyber Expert, Scott Keenan, will explain Leidos’ view of OT “BASICS”, which provides organizations with the foundation necessary to build an OT hardening project.
The cyber attacks from the last week have affected entities globally, from telecommunication infrastructure to medical facilities across the UK to European utilities as well as multiple other types of industries and consumers. The WannaCry ransomware will go down in history for setting an example of how malicious software can disrupt global networks, leaving systems crippled until demands are met.
This highlights so many issues we at the Cyber Senate have been working so hard to bring to our forums. We believe there is so much work to be done to fully understand how we can better develop a culture of awareness within our organisations, and how we address the skills gap in our industry. We need to have a better understanding of the risks of 3rd party applications and the supply chain, as well as better educate procurement. There is still much work to do in developing synergies between IT and OT divisions wrestling with convergence, in understanding that compliance doesn’t equal security and that just because “you’re not connected to the internet” does not mean you’re cyber secure. Those are just a few areas where we need better insight. On another note, how many ICS systems are still running an unpatched version of Windows XP?
Cyber attacks that impact critical national infrastructure can ultimately cost lives. That is why these discussions are so important. These events are built to facilitate public and private information sharing, to assist you and your team in understanding how your industry counterparts are meeting the challenge, what you are doing right, wrong, and to help define “what is best practice?”
We hear a lot about vendor accountability and disclosure, which is another piece of this puzzle that needs to be addressed. We, however, believe people are the most important factor in the cyber kill chain. Technology will never tick all the boxes; it can and does fail, and so do humans. It is how we get up, respond, move forward and learn from these lessons that counts.
We hope to meet you in 2017. If we can help you bridge the gap, do not hesitate to reach out.
“The National Cyber Security Strategy set out the Government’s overarching plan ‘to make Britain confident, capable and resilient in a fast-moving digital world.’ This strategy specifically supports the Government in ensuring that the UK has a secure and resilient energy system, by ensuring that the civil nuclear sector is able to defend against, recover from, and is resilient to evolving cyber threats. This enables the sector to continue to produce secure, affordable and clean energy. The strategy will also support the safe, responsible and cost effective management of the UK’s energy legacy. This strategy sets out a path to keeping the UK civil nuclear sector ahead of rapidly evolving threats to, and vulnerabilities in, software and equipment in the next five years.”
The Cyber Senate 2nd Annual ICS Cyber Security Nuclear Summit will take place in Warrington on May 22-24th.
The Civil Nuclear Cyber Security Strategy can be found here: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/591619/170213_-_Civil_Nuclear_Cyber_Security_Strategy.pdf
The Cyber Senate are pleased to announce the IAEA will be joining us as keynote presenters at the Industrial Control Cyber Security Nuclear conference we will be hosting in Warrington, UK, May 24-25th 2016.
For further information see www.industrialcontrolsecuritynuclear.com