Last week we joined the SANs Institute in their “State of Industrial Control Systems Security” webinar. They provided an overview of the data collected in their 4th annual survey on this topic. SANS is a cooperative research and education organization, and is by far the largest source for information, security training and certification worldwide.
Here’s a quick recap the webinar, which you can watch here. Their Securing Industrial Control Systems 2017 report is a deep dive on the survey results. If you care about ICS, manufacturing and process control system security it’s a worthwhile read.
Why Automation is Compelling
Across most industries ICS automation enables organizations to:
- Increase productivity, profits and competiveness.
- Accelerate production through greater efficiencies and increased yields.
- Lower operational costs and liability
However, with these benefits come risks. IoT and Industry 4.0 are radically changing the way manufacturers do business. Read our previous post to learn more about some of these challenges as the lines between OT and IT are blurring.
Survey Readout – Five Key Points
The SANs survey asked over 40 questions of ICS security professionals from enterprises of all sizes across many industries. A few of the stats:
- Insuring system reliability, availability and safety is the #1 business driver for ICS security professionals.
- Over 2/3 of the respondents indicated that they see high or severe levels of threat to their control systems.
- The #1 threat vector is adding devices to the network that “can’t protect themselves”.
- The increasing number of external AND internal threats, as well as a growing worry about malware are top security concerns.
- Security budgets are growing and are now often shared between OT and IT – a good sign of the breaking down of silos and increasing collaboration.
The SANs report recommends addressing these and other challenges, including the importance of network segmentation, especially as corporate and OT networks become more interconnected. They also advocate for real-time monitoring to enhance visibility and improve asset control. The Great Bay Software Beacon product suite targets this recommendation and more. When it comes to industrial IoT, for example, our solutions provide real-time discovery, visibility and control. This enables your security team to proactively respond to anomalous behavior and take immediate action in case of control systems breach.
Stay tuned for more on ICS security challenges and solutions. As always, you can learn more about the Beacon Suite here.