Two Reasons for the ICS Cybersecurity Deficiency
When it comes to industrial cybersecurity; governments know they need to improve it, industry knows it needs to better understand it, and system integrators/automation vendors know they need to offer it. If you fall within any of these categories, ask yourself “What’s your industrial cybersecurity strategy for 2017?”
The truth is that while the need for cybersecurity is very apparent, enterprise and industrial networks alike are still often managed without a cohesive security strategy. And, even after many years of being an acknowledged problem, integrated solutions are not in sight. What’s the reason? Well first and foremost is a lack of expertise in the workforce. Secondly, today’s technologies have focused on modularized solutions for either the enterprise network or the industrial environment; without paying attention to the integration between the two.
Problem #1: “Want a Job? Look No Further than Cybersecurity.”
The reason for the cybersecurity deficiency is largely attributed to a general expertise shortage of skilled workforce. According to Gartner’s most recent projections, there were more than 209,000 unfilled cybersecurity jobs in the U.S. in 2016; up 75% from 2015. When looked at globally, that number is greater than one million. With the huge demand for cybersecurity professionals, even the world’s largest banks, energy companies, and governments can’t seem to find them.
Despite the high unmet demand for cybersecurity talent, the market for cybersecurity solutions continues to grow. According to the same Gartner projections, the industry is expected to continue its growth from $75 billion in 2015 to $170 billion by 2020. It appears that nearly all sectors of the economy will have to find innovative ways to grow their OT/IT cybersecurity capabilities with a shortage of talent.
Innovative cyber tools must lead the way by automating learning of baseline behaviors, network monitoring, and cybersecurity management so that few may do the work of many, for both corporate and Industrial Control System (ICS) security.
Problem #2: “OT or IT? Siloed Cybersecurity Doesn’t Work.”
While the staggering number of unfilled jobs speak for themselves, technology is partially to blame for the cybersecurity deficiency that many companies and governments face today. This is especially true in non-enterprise sectors such as utilities, oil and gas and industrial manufacturing.
In my career in both industrial and enterprise networking, I have had the privilege (and pain) of seeing cybersecurity addressed from two divergent spaces. From both directions, cybersecurity has been shortsighted by an approach that limits the focus to the reach of each group’s network domains. The reason for this shortcoming is that both the industrial automation space (OT) and the enterprise software space (IT) are being forced to connect with one another in terms of solutions delivery, operations management and customer outreach; but security integration has not always followed suit.
Automation and Integration are the Keys to Effective Cybersecurity
As the backbone of critical infrastructure, ICSs are ubiquitous in all industries including transportation, water/wastewater, energy and many more. With this said, threat management needs to scale to endpoints throughout the industrial network – such as sensors, PLCs, data loggers, and HMIs. Furthermore, as the use of desktops, laptops, tablets, and smartphones have come into play, the reach of the ICS domain has grown rapidly. A solution that combines automated anomalous detection of ICS security issues, along with proactive threat remediation and containment, is required if security is to scale beyond the OT / IT divide.
When it comes to cybersecurity, less attention needs to be paid to the categorization of OT vs. IT, and more on holistic integration between the two. Leaving ICS without highly-scalable, automated, real-time cybersecurity visibility means that many of our largest industries and government services will continue to be vulnerable to cyber threats.
The good news is that innovative ICS cybersecurity solutions exist that help reduce the cybersecurity labor gap by using automated Machine Learning and rapid evaluation of data using Artificial Intelligence. Such tools meet the unique needs of securing industrial networks and processes yet integrate with IT security infrastructure to bridge the OT/IT divide.
When looking for ways to secure industrial networks be sure to seek solutions that address the ICS cybersecurity deficit by reducing manual work, simplifying security processes and integrating with your organization’s overall security systems.
The article was written by Thomas Nuth, Director of Product & Solutions at Nozomi Networks. He has an extensive background in Industrial IT, middleware and software technologies. Thomas brings a unique vertical perspective of OT/IT applications of security and networking technology.