Keywords: Cyber Security, Industry, Critical Infrastructure.
Recent events like Stuxnet and Shamoon have increased concern about the cyber security of industrial control systems. Few systems are sold today without the firewalls and software needed to provide multi-layered defense against cyber intrusions. But, ARC Advisory Group has observed that efforts to protect the enormous base of legacy systems appear sluggish at best.
Pundits offer a variety of explanations and solutions for this apparent apathy. Some argue that industrial managers are still unaware of the risks, so they prescribe more education and encouragement, rather than tangible action. Others recommend more standards and guidelines because they see the problem as an inability to formulate an action plan. Still others think that this behavior is just due to corporate irresponsibility or irrationality, and they call for more stringent regulations and compliance. President Obama's Improving Critical Infrastructure Cybersecurity Executive Order seems to imply that all these gaps exist and all the solutions are needed.
Will any of these suggestions really address the apparent apathy of industrial organizations in dealing with their cyber problems? Or, is apathy actually appropriate when the actual facts are filtered from all the Y2K-style hype? In that case, do we need to accept our vulnerabilities and prepare for periodic cyber events, or should we be considering other preemptive actions? Understanding the true causes and solutions for cyber apathy is critical to ensuring the safety and security of our industrial infrastructure.
ARC Advisory Group clients can view the complete report at this Link.
If you would like to buy this report or obtain information about how to become a client, please Request ARC Info
ARC Advisory Group