By IoT/IIoT/ICS/SCADA Collaboration Co-chairs Tom Smertneck & Paul Veeneman
August 11, 2022
The Industrial Cyber Security track of this year’s Cyber Security Summit will showcase thought leaders, strategies, opportunities, and business cases of implementing Industrial Cybersecurity solutions across the broad spectrum of critical infrastructures. Cyber Security decision makers and practitioners will present, evaluate, and discuss security risks in the context of IoT/IIoT/ICS/SCADA. Executive Orders have instructed Industry and Government to ensure critical infrastructure is accurately inventoried, monitored, and suitable tactics are developed to make the nation more secure.
Eyes Wide Open is this year’s Cyber Security Summit theme, mantra, and indication where the nation, nay the world, stands against a plethora of criminally creative individuals, RaaS group(s) (Ransomware-as-a-Service) and, inevitably, nation-state threat actors. As such, we all must be more attentive to the state of our personal, small, medium, and corporate businesses’ cybersecurity postures, procedures, and plans for continual reinforcement. Ever vigilant might be a secondary theme & mantra!
CRITICAL INFRASTRUCTURE SECTORS
CISA has defined our nation’s critical infrastructure sectors as follows (Critical Infrastructure Sectors | CISA), these are not in any rank order, only alphabetical:
Our North Central Region, aka Western Great Lakes, is industrially comprised of all the CISA Critical Infrastructure sectors and also includes governmental critical infrastructure in the 7th and 8th District Courts of Appeals governing Illinois, Indiana, Wisconsin (Seventh), and Arkansas, Iowa, Minnesota, Missouri, Nebraska, North Dakota, South Dakota (Eighth by Saint Louis and Saint Paul).
A common condition and set of challenges faced by all governance individuals and bodies in these sectors relates to available and capable resources in their enterprise (administrative and facilities), and production environments.
A ramification of the tragedy of SEP 11, 2001, is that cybersecurity responsibility was laid upon Enterprise IT (Information Technology/Information Security) despite their lack of understanding about the different and non-trivial connectivity, command, control and communication architectures, methodologies, protocols, training, and experience required to support and secure operational networks in the production/manufacturing and facility physical-cyber segments of their company’s operations.
As a result of the increasing number of cyber-physical incidents there is clearly a need for all small, medium, and corporate businesses to improve their cybersecurity resources. This improvement will need to be multispectral and include the following aspects:
• Reorganization of existing cybersecurity teams with both Enterprise IT and Facility/Production OT resources (aka controls technicians/engineers, automation technicians/engineers, with knowledge of both enterprise IT networks and OT controls networks)
– Reorganization by retraining, realignment, and reassignment or, by hiring of new resources open to retraining and cybersecurity teamwork
• Cross-training of resources to create more effective cybersecurity teams
– Establish continued cyber range exercises that are based upon findings from risk assessments and architectural change explorations
• The training should be based upon the global horizontal cybersecurity standard known as IEC 62443. This standard is multifaceted and applicable to end-users, equipment OEMs and software vendors or SVARs.
It’s understandable that with these complex challenges most businesses have been in Eyes Wide Shut mode. This year’s Industrial Critical Infrastructure session will give us a great opportunity to start working collaboratively to improve our collective national critical infrastructure cybersecurity and ensure we move ahead with Eyes Wide Open.
Strategy and Business Development Consultant, Manufacturers Representative, Energy Aspects LLC
Connector of ideas, people and “dots” | Catalyst for innovative solution creation & delivery | focus on industrial cybersecurity and condition monitoring solutions for critical infrastructure.
President & COO, Beryllium Infosec Collaborative
With over 25 years of experience across various industries including Finance, Oil and Gas, Healthcare and Manufacturing, Paul has been actively working within the Nation’s critical infrastructure, addressing challenges, providing guidance, insight and innovation in Operations Technology, Industrial Controls, IoT, IIoT, SCADA cyber security knowledge, expertise, and education.