As if protecting information on IT servers, personal computers and mobiles weren't enough of a challenge the race for automation and connectivity has spawned a much larger threat scape.
We continue to surprise ourselves with our uses for the increased connectedness we can enable through the Internet. Unfortunately our caution simply doesn't keep pace with our enthusiastic adoption.
HISTORY: Initially, Industrial Control Systems (ICS) had little resemblance to traditional information technology (IT) systems in that ICS were isolated systems running proprietary control protocols using specialized hardware and software.
Many ICS components were in physically secured areas and the components were not connected to IT networks or systems.
TODAY: Widely available, low-cost Internet Protocol (IP) devices are replacing proprietary solutions, which increases the possibility of cybersecurity vulnerabilities and incidents. As ICS are adopting IT solutions to promote corporate business systems connectivity and remote access capabilities, and are being designed and implemented using industry standard computers, operating systems (OS) and network protocols, they are starting to resemble IT systems.
THREAT LANDSCAPE: While security solutions (may) have been designed to deal with these security issues in typical IT systems, special precautions must be taken when introducing these same solutions to ICS environments. In many (majority of) cases, new security solutions are needed that are tailored to the ICS environment.
ASCOT BARCLAY GROUP are founding members of The Operational Technology Security Initiative. Mike Loginov our CEO is President of the Institute. We have led IOT / OT reviews for some of the world's largest companies and whilst the expanded internet adoption is truly staggering there is time to get and stay ahead of the curve when it comes to implementing security measures that are more than perfectly sound.
We would welcome the opportunity to discuss your OT / IOT estate with you and will gladly share our best practice approach to securing all of these vulnerable devices.