Industrial Control System Security: Getting a Grip on OT Cyber Security
- LANGUAGE: English DATE: Thursday, March 05, 2015 TIME: 4:00pm CET, 10:00am EST, 7:00am PST
Common Problems and Unique Challenges of Protecting OT networks in Critical and Non-Critical Infrastructures
Are your operational technology (OT) networks hosting Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems, well secured? For many organizations, the answer is still “no”. Information security generally focuses on Information Technology (IT) networks and systems, not on the OT systems used in manufacturing, utilities and critical industrial infrastructures.
What makes ICS systems so difficult to secure? Although these systems suffer the same security issues as any other networks, such as outdated software, inadequate patch management and malware attacks, there are other factors that traditional IT security solutions are not yet able to address. This includes both technical issues such as securing proprietary programmable logic controllers and business requirements such as ensuring industrial process safety and reliability.
Historically, industrial control systems have been a very separate area of the software development market, with their own business drivers, requirements and regulations, and were never designed with security in mind. For decades, these systems were based on proprietary hardware, software, network protocols and were largely isolated from corporate networks. This has changed. In the 1990’s, many control systems switched to commodity computer, networking and even software components, and control networks were widely interconnected with corporate networks to realize cost savings and productivity improvements. 20 years later, most organizations are still struggling with the security implications of this shift.
The consequences of current-day industrial cyber security are adding up. Very recently, a German government report explained how a blast furnace at a steel mill suffered serious damage as a result of a cyber attack. Many authorities are warning that even low-tech “erase the control system hard drives” types of attacks could cripple manufacturing, utilities and other infrastructures for long periods of time. And more sophisticated attacks are possible.
In this KuppingerCole webinar, you will learn about:
- How IT cyber security is similar to OT cyber security, and how they differ
- Common and specific security challenges for OT networks
- Security solutions for protecting OT networks and systems
- Unidirectional Security Gateways: hardware-enforced protection for OT network perimeters
In the first part of the webinar, Martin Kuppinger, founder and principal analyst and Alexei Balaganski, senior analyst at KuppingerCole, introduce to the field of industrial network security. They look at security challenges that the industry is facing, both common to all areas of information security and the challenges unique to industrial networks and critical infrastructures. Finally, they outline the ways current IT trends will shape the future ICS security solutions and discuss the possibility of convergence between traditional and industrial network security.
In the second part of the webinar, Andrew Ginter, VP Industrial Security at Waterfall Security Solutions presents deeper insights into specific industrial security challenges that traditional IT security products cannot reliably address. He introduces the concept of a Unidirectional Security Gateway, a hardware-enforced network perimeter protection able to safely and reliably integrate IT and OT networks without the complexity and vulnerabilities that always accompany firewall deployments.
Digitalization evolves with the increased use of microcomputers in everyday objects like cars and smart fridges, but also in industrial applications. Therefore, communication between devices is growing accordingly. While connecting devices is supposed to make our lives easier, it poses a great challenge from a security standpoint. Every connection opens a potential backdoor for attackers to slip inside your network.
Come to the place where the Digital Transformation is happening. The European Identity & Cloud Conference, held from May 12-15, 2020, offers a mixture of best practice discussions, visionary presentations, and networking opportunities with a future-oriented community. More than 800 thought leaders, leading vendors, analysts, executives, and end-users get together in Munich to be inspired by a list of world-class speakers.
KuppingerCole analysts build upon competencies from comprehensive research, experience from highly topical PAM advisory projects and systematically expanded and advanced best practices. Our analysts and advisors offer a one-of-a-kind, multi-channel approach to modern knowledge transfer: the KuppingerCole Master Class Privileged Access Management. Webinars and webcasts, up-to-date research documents, an all-day classroom workshop with final exam and certification of the acquired skills lay the foundation for establishing the necessary technical and methodological knowledge in your own organization.