Industrial control systems (ICS) cybersecurity has been a subject of discussion for several years. It is now generally accepted that all asset owners should make protecting these systems from malicious software and deliberate attacks a high priority. Moreover, a wealth of information (standards, recommended practices, and other guidance) is available detailing what should be included in a comprehensive cybersecurity management system.
Beyond the fundamentals of identifying and characterizing normal asset operation, much of this information focuses on risk management. Those responsible for protecting systems must identify and understand threats, mitigate known vulnerabilities, and identify potential consequences of attack. Consequences can be theoretical, but the maximum benefit comes from having realistic scenarios based on actual experience.
Where Are the Cybersecurity Case Studies?
Most would agree that there are real benefits from learning from the experience of others. This is the basis of benchmarking exercises in many other areas. Unfortunately, there has been considerable reluctance among asset owners to share information about certain elements of cybersecurity risk. While suppliers and researchers often share information about threats and vulnerabilities, asset owners are often unwilling or unable to share details of their response for fear of having this information fall into the hands of attackers.
While this is certainly a valid concern when talking about details, it is possible to obfuscate many of these details to create general case studies that still have significant learning value.
End Users Share Their Cybersecurity Case Studies at ARC Forum
ARC Advisory Group is actively helping asset owners to share their success stories in many ways, including presentations and panel discussions at the 2018 ARC Industry Forum in Orlando, Florida, Feb. 12-15. In addition to our series of cybersecurity workshops on Monday, February 12, there are several cybersecurity case studies and presentations scheduled in our cybersecurity track throughout the week. These presentations cover a broad range of industries from power transmission and utilities to smart cities, refining, and oil and gas. For more information on our the forum or our cybersecurity workshops and sessions, please email Mark Luciw at firstname.lastname@example.org.
By shifting the conversation from what should be done to what has been done and proven effective, we can advance the state of our security as a community.
If you would like to buy this report or obtain information about how to become a client, please Contact Us
Keywords: Case Studies, Cybersecurity Management, Metrics, Successes, Use Cases, ARC Advisory Group.