Key Takeaways from ICS Cybersecurity Conference

Securicon attended the 2019 ICS Cybersecurity Conference in Atlanta on October 21-24. It was a four-day whirlwind of speakers working at the cutting edge of OT security who provided a crash course on the state of the industry, and areas for improvement in 2020.

If you couldn’t make it to this incredible event, don’t worry: we’ve compiled our top four takeaways from the conference just for you.

1. OT cybersecurity can’t be automated

We all know that malware attacks against industrial control systems (ICS) have been rising for the past decade. According to Mark Carrigan from PAS Global, there’s good news: security officers are taking notice, and 84% of businesses have invested in solutions to address the IT/OT convergence.

Here’s the bad news: the demand for solutions has generated an influx of vendors who lull their clients into a false sense of security by making promises they can’t deliver. When it comes to threat detection, nothing beats human expertise, and over-dependence on automation allows targeted attacks to slip beneath the radar.

2. IoT is the next big threat for ICS

Distributed Energy Resources (DERs) are helping power companies to better manage the grid. Unfortunately, they also create points of entry for attackers. In response, Jim McCarthy from the National Institute of Standards and Technology (NIST) spoke about ongoing efforts to regulate the Industrial Internet of Things (IIoT).

Lionel Jacobs from Palo Alto Networks argues that organizations should adopt a zero-trust policy towards IoT, segmenting SCADA and ICS networks with perimeters to reduce the lateral mobility of attackers. The dangers of IoT may be unavoidable, but with careful governance policies, they can also be managed.

3. Insider threats: still a problem

Conventional wisdom suggests that isolating control systems from network access is the best way to protect them. But, says Chad Lloyd from Schneider Electric, “air gaps” can produce a false sense of security, because air-gapped systems are still vulnerable to human failure inside organizations.

97% of attacks on critical infrastructure do not depend on clever exploits or vulnerabilities, but on social engineering attacks which trick personnel into divulging passwords and access information. It’s clear that more investment is needed to train personnel in cyber hygiene and prevent insider threats.

4. Threat hunting is the best way to strengthen networks

Thomas Pope from Dragos delivered an insightful presentation, showing that modern hackers increasingly rely on the same tactics, techniques and procedures (TTPs) that pen testers and threat hunters have been using for years.

For this reason, threat hunting remains one of the most powerful ways to prevent attacks before they occur. To prove the point, Illan Barda from Radiflow showed eye-opening results from red-teaming on a water treatment facility.

Adopting a Threat-Based Mindset

All our takeaways from the ICS Cybersecurity Conference emphasize one theme: OT-dependent organizations will have to adopt a threat-based mindset to fight the next generation of attacks on ICS and critical infrastructure.

With years of expertise trusted by the U.S. security community – including DoD, DHS and the U.S. Cyber Command – our people are equipped to find and eliminate modern OT threats with methodology including:

  • Vulnerability assessments and penetration tests
  • Red-team and blue-team services
  • Industrial Control System (ICS) assessments
  • Network engineering and security architecture design

Automated solutions just aren’t good enough: in 2020, partner with an organization that can see both the big picture and granular details of cybersecurity today.

Securicon’s threat management solutions are based on industry standards for safety and professionalism. With years of experience in ICS cybersecurity, we are here to protect your organization. Contact us for more information.