Exploring Information Security

View Original

The Crucial Gap in Control Systems Security: A Deep Dive with Joe Weiss

Summary:

In this compelling episode of the Exploring Information Security podcast, we sit down with Joe Weiss, a seasoned expert in control systems security, to unravel the complexities and challenges facing the security of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems today.

Key Topics Discussed:

  • Understanding SCADA/ICS: Joe Weiss provides an in-depth explanation of what SCADA and ICS are, emphasizing their critical role in monitoring and controlling physical processes across various industries, from utilities to manufacturing.

  • The Security Gap: Weiss outlines the fundamental security gap existing between traditional IT cybersecurity measures and the unique needs of control systems. He highlights the dire consequences of neglecting the security of these systems, including potential physical damage and disruptions to critical infrastructure.

  • Bridging the Divide: The conversation delves into the challenges of bridging the knowledge and communication gap between IT professionals and engineers. Weiss stresses the importance of integrating engineering insights with cybersecurity practices to protect control systems effectively.

  • Historical Oversights and Current Challenges: Reflecting on over two decades of experience, Weiss discusses how historical oversights and the prioritization of IT security have led to vulnerabilities in control systems. He calls for a paradigm shift in how organizations and governments approach the cybersecurity of physical infrastructure.

  • Future Outlook and Solutions: Looking ahead, Weiss offers insights into the future of control systems security, advocating for education, awareness among senior management, and the need for a holistic approach that encompasses both the digital and physical aspects of security.

Episode Highlights:

  • A Call to Action for Senior Management: Weiss underscores the critical need for senior management in both the private and public sectors to recognize the existential threat posed by inadequate control systems security.

  • The Importance of Engineering Knowledge: The discussion emphasizes the need for cybersecurity professionals to possess a foundational understanding of engineering principles to secure control systems effectively.

  • Practical Steps Forward: Weiss suggests practical steps for improving the security posture of control systems, including enhancing cross-disciplinary education, fostering collaboration between IT and engineering teams, and adopting security measures tailored to the unique characteristics of control systems.

Resources:
Blog: Control Global - Unfettered

Applied Control Systems

Contact Information:

Leave a comment below or reach out via the contact form on the site, email [timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn]

Your browser doesn't support HTML5 audio

The Crucial Gap in Control Systems Security With Joe Weiss

See this form in the original post