Technologies we rely on every day — operational technology and industrial control systems (OT/ICS) — are tempting targets for cyber criminals. OT/ICS power our lights, provide municipal services, and run transportation systems. They operate our country’s weapon systems and make energy production possible.
But according to Chuck Weissenborn, Dragos’ Regional Manager for the Defense Department and Intelligence Community, “although they are incredibly important, until recently, there’s actually been a lack of investment from a cybersecurity standpoint outside of a few key areas.”
He believes government needs a better understanding of OT/ICS risks and how these technologies impact and enable missions. He points out that one of government’s biggest challenges is finding and retaining a talented workforce.
Building a Talented Workforce
OT is not a cookie-cutter field. Each sector requires unique knowledge that isn’t taught to traditional cybersecurity experts, and although there are “pockets of excellence” in the federal OT/ICS space, knowledge depth doesn’t exist across all federal OT/ICS enterprises, he explained.
Government salary constraints make staffing more difficult, and “in the defense field, cybersecurity folks are often put into legacy environments, making it hard to retain talent,” Weissenborn said.
Respecting Flexibility
Because every system is different, officials need to build flexible policies and frameworks and understand, Weissenborn offered, that “at the end of the day, the true subject matter experts are the folks operating systems day in and day out. We’ve got to give them the flexibility to do their job and protect their mission systems.”
Government may prefer large-scale cybersecurity programs, but that’s not what OT/ICS environments really need.
Pursuing Network Visibility: The Foundation for OT Cybersecurity Controls
Through its years of OT and ICS cybersecurity experience, Dragos has identified 5 Critical Controls that help agencies and organizations manage their cybersecurity challenges. The controls include:
- Having an ICS Incident Response Plan
- Maintaining Visibility and Monitoring
- Developing a Defensible Architecture
- Enabling Secure Remote Access, and
- Leveraging Risk Based Vulnerability Management
Before cyber teams can implement the controls, though, they need visibility into what’s happening to and among their OT assets, Weissenborn said. He explained that Dragos offers a variety of solutions to this challenge, including Dragos Platform, which provides hardware and software for continuous monitoring, vulnerability and asset management, and threat detection for industrial networks.
A dedicated Dragos threat intelligence team focuses on OT/ICS cybersecurity and is available through a service called WorldView. “Customers can actually understand what adversaries are doing,” he said, “and then make informed decisions of where they should invest resources and where they should focus their next threat hunt.”
In addition, a Dragos professional services group helps OT/ICS staff train and conduct incident response, threat hunting, and industrial network penetration testing. It adds up to a more holistic approach to OT/ICS cyber protection, he said.
Whatever a federal OT/ICS entity tries to accomplish, it must be realistic. “Everything needs to be achievable if you want it to happen,” said Weissenborn. “Setting a reasonable goal in the short term helps motivate the organization to continue expanding on programs and policies.”
This article appears in our guide “Bright Ideas for Making Cyber Stick.” To see more about how agencies are implementing cybersecurity, download the guide.