Ann Arbor, Michigan (June 11, 2020, with release July 24, 2020) – “The NSA recently issued an advisory for critical infrastructure OT & ICS to be aware of an increase in threats, prioritize #cybersecurity defenses and take action to secure systems. Learn more about common threat vectors & #icssecurity challenges from Pascal Ackerman, author of Modern Cybersecurity Practices: https://lnkd.in/eA2jqtA“
#infosec #otsecurity #operationaltechnology
In this three-part audio series, we’ll share some insights from a cybersecurity professional with 18 years of experience in industrial network design and support, information and network security, risk assessments, pentesting, threat hunting, and forensics.
Blumira’s Account Executive Mike McCarthy interviewed Pascal Ackerman, the author of a new book, Modern Cybersecurity Practices: Exploring And Implementing Agile Cybersecurity Frameworks and Strategies for Your Organization. Ackerman is also Managing Director of Threat Services at ThreatGEN.
Check out the first video in Building a Cybersecurity Program: Modern Cybersecurity Practices, Part 1.
In this second video, they discuss common threat vectors and challenges with security in the industrial control systems (ICS) industry and more broadly. Listen to the full audio interview here:
Here’s a summary of a few of the questions and answers that may provide value when considering your organization’s overall security strategy:
What aspects of the book are the most relevant now, given this new security landscape that we’re in?
The threat hunting and security monitoring part is most relevant, as you have to keep your eyes open as more and more people are connecting remotely to your network and bring in untrusted network connections and untrusted devices – it’s more prudent than ever to monitor malicious activity.
What are some of the unique cybersecurity problems or challenges that the industrial control systems (ICS) industry faces?
When comparing IT (information technology) to OT (operational technology), if something goes wrong on the IT side with cybersecurity, you might have a database that is compromised or credit cards that are leaked. You might have downtime on your web portal and can’t sell your product.
But depending on where an attacker attacks (either an ICS or OT system), you can get physical damage up to and including personal injury and death – because we’re talking about machinery that runs robots that weld together cars. If anything goes wrong with that due to cybersecurity, people might die – and that’s a major difference, as the stakes are higher.
The equipment tends to be older in this industry because a lot of automation equipment was bought decades ago and it’s expected to run another 10 to 20 years. Combined with old technology and lack of downtime, it’s really hard to do patching for basic security.
Threat detection is a major area for improvement, especially given the current COVID and BYOD (bring your own device) landscape. What are some of the ways that you’ve seen attackers try to infiltrate networks, both generally and for the industrial space?
This applies to all general industries and the industrial network as well – it is still spear or phishing attacks. If you get an email or Word document with an attachment or redirection to a malicious website, you can get compromised because you click the wrong link. From there, the ultimate goal of the attacker could be to spread ransomware or infiltrate your systems and exfiltrate some of your proprietary data.
The same mechanism allows attackers to get a foothold into what I call the enterprise side of an industrial business, then move their way over to the industrial side. A good, well-defined system will have some sort of boundary between their enterprise industrial systems. An attacker would need a foothold into the enterprise or business side, then move laterally into the industrial.
Another method includes using Shodan to search for open ports and a certain IP address. Once you find that, you can open up your programming software, connect to the internet-facing board and use their control system.
What are attackers still targeting the enterprise side, and not industrial?
It may be because it gives attackers more control over an entire network. If you do a Shodan search, you most likely end up with a single controller or a single HMI (human machine interface). If you go from the enterprise side, you have control over the whole network.
Stay tuned for part 3 of the interview, coming next week!
At Blumira, our passion for IT security is more than skin deep; we’re highly motivated to help our customers by not only offering a solution to cybersecurity threats, but raising the standard of the industry.
Blumira’s cloud-based cybersecurity solution streamlines threat detection, enables true disruption of real-time threats, and costs less than traditional cybersecurity products. With Blumira, IT teams get actionable information and clear guidance from the start, all within a customizable dashboard.
The extensive knowledge and expertise of our team spans two decades of working in IT security services. This has allowed us to develop a proactive threat disruption solution that is unmatched by any other cybersecurity solution on the market. Built and maintained by an expert team dedicated to next-level security, you can trust us to have your back.
For further sales information, send an e-mail to firstname.lastname@example.org.
(877) BLUMIRA | (877) 258-6472
Original post from Blumira’s website.
Founded in Sugar Land, Texas in 2017, ThreatGEN delivers a solution to bridge “the ICS Cybersecurity skills gap” utilizing its Red vs. Blue Academy and ThreatGEN OT Security Services. Red vs. Blue Academy uses cutting-edge computer gamification in ThreatGEN™ Red vs. Blue to provide an exciting & modernized approach to industrial cybersecurity training, both practical and cost effective! ThreatGEN OT Security Services are delivered worldwide by world-renowned Operational Technology (OT) cybersecurity experts (we literally wrote the books industry uses) using strategically chosen partnerships to create a holistic service offering.
Company website: https://ThreatGEN.com
For further information
For further sales information, send an e-mail to email@example.com.
Derezzed Inc. D/B/A ThreatGEN
140900 Southwest Freeway #300
Sugar Land, Texas 77478
#OT #Cybersecurity #Training #ThreatGEN