Much has been said about attacks on enterprise IT as more remote desktops go online in the era of COVID-19. But security pros are growing increasingly alarmed by a lack of attention to industrial cybersecurity, and the operational technology (OT) used by everything from manufacturers making personal protective equipment to energy companies powering remote work.
The challenges to securing ICS in general are manifold: from a lack of visibility into OT, to legacy devices, to the mentality of the industry at large.
Still building a cybersecurity culture
"One of the tenets on the IT side of cybersecurity is that it's not a matter of if, but when" you’ll face a cyberattack, said Mark Carrigan, COO at PAS Global. "I don't think that mindset has totally sunk in on the industrial side. There's still a perception of, 'we can keep bad guys out.'"
"We have this mentality in the IT space that we keep things up to date, whether hardware or patching software. We have a plan to keep our cyber assets safe," said Marty Edwards, VP of OT Security at Tenable. "In the OT world, and in ICS, these systems are quite often just forgotten about for decades, in a steel locked electrical cabinet gathering dust. It’s not uncommon to find Windows XP and older legacy operating systems still in use just sitting there the way they were 15 years ago."
Indeed, adds Galina Antova, co-founder of industrial cybersecurity company Claroty, "Most systems are basically a black box to security teams in that organization."
Both Antova and Carrigan acknowledge that the ..
Support the originator by clicking the read the rest link below.
