How to Get Into Control Systems Security

Summary:

In this episode, Mike Holcomb discusses the intricacies of Industrial Control Systems (ICS) and Operational Technology (OT) security. Michael provides a comprehensive overview of the challenges and strategies associated with securing ICS and OT environments.

Episode Highlights:

  • Michael discusses the evolution of the Bsides Greenville event, emphasizing the incorporation of OT topics and the balance they aim to maintain between IT and OT content.

  • Michael shares insights into the unique cybersecurity challenges faced by different sectors, including manufacturing and power plants.

  • A deep dive into network architecture in ICS environments reveals the importance of segmentation and controlled access between IT and OT networks.

  • Michael emphasizes the critical nature of asset management and network monitoring in maintaining security in ICS environments.

  • The conversation also covers the increasing convergence of IT and OT systems and the implications for security.

  • Michael touches on the impact of ransomware on ICS environments and the need for robust incident response plans.

Guest Biography: Mike Holcomb is a seasoned expert in ICS and OT security, with extensive experience in developing and implementing security strategies in some of the world's largest industrial environments. He has contributed significantly to the field through education and practical solutions to enhance infrastructure resilience.

Resources Mentioned:

  • Mike Holcomb’s website

    • Free eBooks - Mike mentions that he has written free eBooks on getting started in ICS and OT cybersecurity, tailored for those coming from IT backgrounds and those from engineering or automation backgrounds.

  • YouTube Course - A free 25-hour course available on YouTube, designed to help beginners in ICS and OT cybersecurity.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email [timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn]


The Crucial Gap in Control Systems Security: A Deep Dive with Joe Weiss

Summary:

In this compelling episode of the Exploring Information Security podcast, we sit down with Joe Weiss, a seasoned expert in control systems security, to unravel the complexities and challenges facing the security of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems today.

Key Topics Discussed:

  • Understanding SCADA/ICS: Joe Weiss provides an in-depth explanation of what SCADA and ICS are, emphasizing their critical role in monitoring and controlling physical processes across various industries, from utilities to manufacturing.

  • The Security Gap: Weiss outlines the fundamental security gap existing between traditional IT cybersecurity measures and the unique needs of control systems. He highlights the dire consequences of neglecting the security of these systems, including potential physical damage and disruptions to critical infrastructure.

  • Bridging the Divide: The conversation delves into the challenges of bridging the knowledge and communication gap between IT professionals and engineers. Weiss stresses the importance of integrating engineering insights with cybersecurity practices to protect control systems effectively.

  • Historical Oversights and Current Challenges: Reflecting on over two decades of experience, Weiss discusses how historical oversights and the prioritization of IT security have led to vulnerabilities in control systems. He calls for a paradigm shift in how organizations and governments approach the cybersecurity of physical infrastructure.

  • Future Outlook and Solutions: Looking ahead, Weiss offers insights into the future of control systems security, advocating for education, awareness among senior management, and the need for a holistic approach that encompasses both the digital and physical aspects of security.

Episode Highlights:

  • A Call to Action for Senior Management: Weiss underscores the critical need for senior management in both the private and public sectors to recognize the existential threat posed by inadequate control systems security.

  • The Importance of Engineering Knowledge: The discussion emphasizes the need for cybersecurity professionals to possess a foundational understanding of engineering principles to secure control systems effectively.

  • Practical Steps Forward: Weiss suggests practical steps for improving the security posture of control systems, including enhancing cross-disciplinary education, fostering collaboration between IT and engineering teams, and adopting security measures tailored to the unique characteristics of control systems.

Resources:
Blog: Control Global - Unfettered

Applied Control Systems

Contact Information:

Leave a comment below or reach out via the contact form on the site, email [timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn]