Industrial Control Systems: Understanding the Access Risks and Security Challenges
- LANGUAGE: English DATE: Thursday, November 09, 2017 TIME: 4:00pm CET, 10:00am EST, 7:00am PST
For decades, Industrial Control Systems have evolved completely separately from traditional IT, with their own business drivers, requirements and regulations and proprietary hardware designs and network protocols. Needless to say, security from cyberattacks was never a priority for operational technology units responsible for managing those systems: after all, they weren’t even connected to office networks.
Things have changed dramatically in the recent years: since 2000s, many control systems have switched to commodity hardware and standard networking protocols. The convenience of remote management and monitoring has led to industrial networks becoming increasingly interconnected with corporate IT infrastructures. Also, the growing demand for collecting and analyzing vast amounts of data from sensors and controllers is fueling the growth of the Industrial IoT, which is to a large extent built on low-power computing devices directly connected to the Internet.
Such unprotected ICS and IIoT systems are no longer limited to manufacturing companies or utilities and in fact can now be found across all vertical sectors, including financial services, and cybercriminals are already learning to use them as gateways into corporate IT infrastructures. Unfortunately, people charged with management of those systems still have little or no knowledge of IT security. There is definitely a deficit of security responsibility in this crucial area, further complicated by the traditionally slow upgrade cycles in OT infrastructures, where hardware is expected to remain in service for over 10 years.
This webinar will analyze the risks of unprotected industrial networks, the impact of IIoT applications on control systems and how organizations can successfully manage these risks through effective identity and access management.
The topics we are going to discuss include:
- Why insecure industrial control systems are a common problem across many sectors including financial services.
- Who is responsible for ICS security in your organization and why this is not always properly defined.
- What types of cyberthreats are targeting ICS or using them as a gateway into IT infrastructures.
- How identity and access management applications are key to managing ICS security.
In the first part of the webinar, Martin Kuppinger, Founder and Principal Analyst at KuppingerCole, will present an overview of various types of industrial control systems and explain various terms like Operational Technology, SCADA, Industrial IoT, and more. He will provide a structured view of specific security challenges for the various types of OT systems. He will also identify which of these systems are targets of which cyberthreat types.
In the second part, Markus Westphal DACH Sales Manager at WALLIX, will introduce how companies can take back control over ICS / SCADA systems by utilizing Privileged Access Management (PAM). The WALLIX Bastion helps companies to prevent threats by providing one-point access to monitor and control all activity within your ICS: control internal and third party access, monitor activity, prevent insider threat and mitigate external threats.
A software company providing cybersecurity solutions, WALLIX is the European specialist in Identity and Access Security Solutions. WALLIX's unified solutions portfolio enables companies to respond to today's data protection challenges. WALLIX solutions guarantee detection of and resilience to cyberattacks, which enables business continuity. The solutions also ensure compliance with regulatory requirements regarding access to IT infrastructures and critical data. The portfolio of unified solutions is distributed through a network of more than 180 resellers and integrators worldwide. Listed on the Euronext (ALLIX), WALLIX supports more than 1,300 organizations in securing their digital transformation. WALLIX is a founding member of the HEXATRUST group and has been included in the Futur40, the first ranking of growth companies on the stock exchange published by Forbes France and is part of the Tech 40 index.
As users, devices and application workloads move outside the corporate network, the traditional model of enforcing security at the network perimeter is no longer effective. A Zero Trust model offers an alternative that secures data while ensuring it is accessible to employees, regardless of where they are working. But the path to achieving Zero Trust is unclear for many organizations.