I usually don’t like doing webinars when you’re given only five minutes to try and provide prescriptive guidance to an audience. But getting an opportunity to be a panelist in the 2017 SANS Institute’s State of ICS security webinar is different and an opportunity you don’t want to pass up. My participation was fueled by a desire to offer ideas and solutions in response to the many issues uncovered in this SANS survey. Thanks to the hundreds of ICS (industrial control systems) and IT practitioners who shared their insights for the growth of knowledge across our community. This is where the ‘give to grow’ part comes in useful.

The SANS Institute is good, really good

SANS always produces solid research and this ICS security report doesn’t disappoint. It’s packed full of juicy problems and issues and I encourage everyone to read it. But I also caution folks not to be overwhelmed by the results, which can induce hopeless paralysis. There are quick solutions to the problems and issues the report uncovers. Hint: the solutions have nothing to do with traditional IT technologies - they’re simpler, more immediate, and incredibly effective, but require resisting the misinformation that the network and security cartels push.

I may be simple but…

I like to try and reduce the complex into something easy to understand, so here goes my overly simplistic synthesis of the issues and problems uncovered in the SANS survey.

  1. Securing ICS is extremely important
  2. The risks and impacts of breaches are high across most ICS
  3. Connecting and protecting ICS is hard
  4. Traditional IT technologies and approaches make it slow, fragile, and very complex

Simple, fast, and unbreakable is a reality

I know first-hand that securing ICS can be simple, fast, and unbreakable. Despite my natural tendencies, that is not an overly simplistic statement – it’s true and I witness it every day.

Come back for part 2 of my blog where I’ll share some insights from a recent conversation with our customer who had to cope with the confluence of ICS and IT systems; under a non-negotiable deadline.

Friday, July 14, 2017 By Erik Giesa