Cybersecurity Moves Forward
Jane Alexander | January 21, 2019
According to Mille Gandelsman, CTO of the cybersecurity company Indegy, New York (indegy.com), industrial organizations are well down the path to ensuring full visibility, security, and control of their environments.
Based on Indegy’s work in this arena, Gandelsman recently put forth six predictions regarding the 2019 industrial-security landscape.
Industrial-control-system (ICS) security will become more mainstream.
Many large industrial and critical infrastructure organizations have already made investments to secure their operational-technology (OT) infrastructure to the same or higher degree than their IT infrastructure. This trend is expected to continue in 2019, as well as extend to mid-sized and smaller operations. Given the clear and present threat, ICS security will become a mainstream requirement for every industrial organization, regardless of size.
Hacking tools will become more accessible.
Nation states, rogue factions, and insiders have been the culprits in many past cyber attacks. Going forward, there’s an expectation that lone wolves and non-nation actors also will be launching them. Since barriers to entry are lower, with a little know-how, OT-based attacks can be carried out by the general hacking community rather than through state-sponsored cyber-warfare initiatives.
Attacks will become more sophisticated.
In general, most past attacks were aimed at a single target or country. Going forward, attacks will continue to grow in sophistication and become multi-pronged, targeting multiple locations and sites simultaneously or in close succession. Organizations will need to consider this possibility and evolve their security posture accordingly.
Active detection will be too valuable to ignore.
Increasingly sophisticated attacks will not only push organizations to act, but force them to address new threats in a more proactive way. Passive or “listening only” monitoring, which only looks at network traffic, will no longer be sufficient. Instead, active-threat hunting through safe device querying will become essential. “Active” covers the 50% of threats that can’t be detected with network-only monitoring.
Collaboration/sharing of OT threat intelligence will increase.
In the area of threat hunting, several other capabilities will be required to better identify, mitigate, and report on new ICS threats. The coming year is likely to see a maturation of ICS threat intelligence. This will include use of external security data feeds, as well as integration of OT security technologies with security- and event-management software (SIEMs) and next-generation firewalls, among other things. There will also be more sharing of information across communities such as the Open Information Security Foundation, Boston (oisf.net), which has been a mainstream practice in IT for years. The OT community will embrace this strategy as a way to more quickly identify threats and protect against attacks on ICS environments.
New standards for ICS security will emerge.
In addition to all of the above, Indegy expects new ICS-specific standards, guidelines, and best practices for assessing and hardening the security of ICS environments to be published and adopted.
Indegy protects industrial control system (ICS) networks from cyber threats, malicious insiders, and human error. To learn more, visit indegy.com.