President Obama's Executive Order 13636 identified the security of industrial assets as one of the nation's most important challenges. Growing support for the NIST Framework shows that industrial organizations are equally concerned and working to ensure the security of facilities.
Most of these organizations are concerned about securing legacy plant and SCADA systems that were installed before cyber security was a concern and are insecure by design. Most efforts focus on installing and maintaining compensatory controls like firewalls and anti-malware software and managing a never ending stream of software revisions and patches for newly discovered vulnerabilities and threats. The number of systems and vulnerabilities makes this a daunting task and many organizations are actively working on plans to overcome resource limitations.
While resolving the current situation is critically important, focusing all cyber security planning efforts on legacy problems is like "driving the car with only the rearview mirror." Organizations also need to look ahead and ensure that their strategies anticipate coming developments like mobility, the Internet of Things, and cloud computing. Business managers are already redesigning processes to exploit these new capabilities and automation suppliers are incorporating them into new system designs.
Prudent cyber security professionals will recognize the impact this will have on cyber security strategy and the need for new approaches to man-age cyber security. ARC believes that this will require organizations to make several strategy adjustments including:
- Extending the scope of industrial cyber security to include external systems and remote devices
- Shifting the focus of security strategies from protecting systems to managing devices
- Transitioning from building stronger cyber silos to developing broad-based IT-OT Security Networks
- Embedding security-by-design principles in the people, processes, and technology used throughout the organization and its cyber asset supply chains
Table of Contents
- Executive Overview
- New Challenges for Industrial Cyber Security
- A Secure Future Requires Shifts in Perspective and Focus
- Establish a Broad-based IT-OT Strategy
- Focus on Cures, Not Remedies
- Embrace the Opportunity for Better Security
ARC Advisory Group clients can view the complete report at this Link.
If you would like to buy this report or obtain information about how to become a client, please Request ARC Info
Keywords: Cyber Security, Internet of Things, Cloud Computing, Security Strategies, ARC Advisory Group.