Industrial cyber security: compliance and reality
Protection of legacy assets by defence-in-depth
Cybersecurity in industrial control systems (ICS) and supervisory control and data acquisition (SCADA) are developing fields. There is an ongoing effort to reduce the cyber-security risks and to improve the cyber-resilience. Security through the lack of external connectivity, the ‘air gap’, is disappearing as more and more devices and sensors are being connected to the internet or even Open Architecture to share data.
Older operational equipment (Legacy assets), become ‘vendor unsupported’ and are very vulnerable to cyber attacks.
In the meantime, hackers are getting closer to the bare metal of a computer and their access is becoming deeper and more resilient
For too long the focus has been on vulnerable code. The cyber-security industry tried to protect vulnerable systems by establishing digitally and physically-based perimeters around them, with firewalls and antivirus software. It didn’t work. It is essential to understand why and where vulnerabilities exist, and how hackers can exploit them in your organisation. Knowledge and understanding of the vulnerabilities are essential to be able to ensure the appropriate security. Transformation is needed from this perimeter focus, to a focus on users, assets and resources at specific locations.
Curious to read more of this article in the One Magazine? The One Magazine article can be found online here.
