Is Cybersecurity really on the agenda of the ICS community?

In November, Toreon (my colleague Vincent Haerinck and myself) attended the fifth LSEC annual Industrial Automation Security conference at the Antwerp Engineering Company.

It was a nice one-day event with speakers from companies such as Airbus, Rohde & Schwarz, SecurityMatters, Kaspersky, DutchSec, Secudea and Flowman. Topics covered included “Actual and future Industrial Cyber Security views on Process, People and Technology”, “Cybersecurity Challenges at Airbus Defense & Space production”, “Protecting Industry 4.0 and the Industrial Internet of Things”, “Tricking the hacker: Honeypots for Industrial Control Systems” and “Hidden Dangers of Remote Management in ICS”.

Very interesting subjects, right?

The intended audience of the event included:

• Manufacturing Companies
• Critical Infrastructure Operators
• IT / OT Security Managers
• Plant / Production / Process Managers
• Industrial Control Systems [Security] Experts

And yet:
There were seventy seats at the event. Ten remained empty, ten were for speakers, ten for vendors, ten for students and ten for consultants such as myself. That leaves about twenty seats for people from the industry. Only twenty people from the industry attended a nice event about Industrial Automation Security!

What does that mean?
Do automation engineers just not care about security in the OT environment? I would have thought that incidents like Stuxnet, … would have shown people that ICS security really matters!
I still find it so unbelievable that companies are willing to invest time and resources to protect their intranet servers while at the same time leaving their production systems unprotected.

You know, today, OT systems are no longer purely mechanical and they are not isolated. They are IT systems that are connected to the rest of the IT infrastructure and (indirectly) to the internet. Worse yet, they often lag the IT world by five to ten years in technology but have a lifespan of several decades.
ICS systems really need to be protected!

What can we do to raise awareness in the ICS/SCADA/OT community?

