Tuesday, November 14, 2017

Top 5 Predictions for ICS Security in 2018



Nozomi Networks has comprised the top 5 predictions for ICS Security in 2018.

1. ICS malware moves beyond Windows exploits to ICS-specific malware. Up to now, most malware that has infected ICS have used Windows vulnerabilities or protocols to infect and spread. For example, in 2017, WannaCry, Industroyer and Dragonfly 2 all used the Windows protocol, SMB, as a key infection and proliferation mechanism. Malware attacks using OT device software, such as PLC software, will start to occur adding to the sea of Windows-dependent attacks.

2.The cuffs will come off of Internet connectivity for ICS systems as IT technology is increasingly integrated with ICS systems to achieve operational efficiencies.  Progressive companies will implement new technologies and procedures necessary to not only bridge IT and OT, but also to defend their ICS from this source of cyber threats.

3. Artificial intelligence becomes more mainstream for ICS systems to provide next generation security to fight cyber threats. Organizations grappling with ICS cybersecurity staffing and skills shortages are turning to AI solutions to achieve security and productivity goals. AI powered monitoring tools are now able to discover breaches automatically and provide information on remediation.

4. The shortage of ICS cybersecurity skills will open the door for vendors to provide full security services. These services will move beyond risk assessments to become more full service.

5. Security-by-Design will start to improve ICS Security.  Major companies will increase their demands that security be included in new automation equipment purchases; for example, requiring that RTUs have encrypted software. Cybersecurity certification will also rapidly grow and major automation vendors will have their products tested for the ISA Secure certification.

For more, see these books:

Cyber Security for Industrial Control Systems: From the Viewpoint of Close-Loop

Cybersecurity for Industrial Control Systems: SCADA, DCS, PLC, HMI, and SIS