2024 ARC Forum – Industrial Cybersecurity Today and Tomorrow – ARC Advisory Group


Keywords: ARC Industry Forum, Industrial Cybersecurity, Critical Infrastructure, OT, Workshops, CISA, ARC Advisory Group.

Overview

Several hundred people attended the Industrial Cybersecurity – Today and Tomorrow workshop at the 2024 ARC Forum in Orlando, Florida. This informative session provided attendees with an update on the many developments impacting critical infrastructure security. It also served as the kickoff for a full day of industrial cybersecurity presentations and panel discussions. 

The session started with a presentation by ARC vice president and cybersecurity practice leader Sid Snitkin that discussed ARC’s 2023 research on the impact of cyber-related disruptions of industrial operations, new cybersecurity regulations, and new technology developments on the user market for cybersecurity solutions and services. 

A presentation by Jason Burt and Gary Hopewell, representatives of the US Cybersecurity and Infrastructure Security Agency (CISA), followed and provided insights on today’s threat landscape and recent ransomware incidents. They also described how CISA’s critical infrastructure cybersecurity support capabilities and programs have significantly increased. 

Trends and Developments in Industrial Cybersecurity

ARC’s presentation highlighted some noteworthy developments that occurred in industrial cybersecurity during 2023. This information reflected findings from ARC’s ongoing research with end users and providers of cybersecurity solutions and services. 

Industrial Cybersecurity Challenges Grow

Cybersecurity has always been a challenge for industrial facilities, and the upsurge in cyber-related operational disruptions, political unrest, and new cybersecurity regulations have become major concerns of top executives across the industrial landscape. This has prompted more CISO involvement in OT cybersecurity and restructuring to better address underlying weaknesses in OT cybersecurity people, processes, and technologies. Suppliers of cybersecurity products have responded with new offerings tailored towards incident management, threat detection, and regulatory compliance support. Likewise, suppliers of cybersecurity services have developed more flexible offerings to help companies build and manage IT/OT SOCs that can quickly detect and recover from sophisticated attacks on systems that are vital to operations.

Following are some key ARC research findings highlighted in this session:

Incidents and Implications

  • Colonial Pipeline, Water Systems, Power Systems, Aliquippa Water System, etc.

  • While some incidents involved OT compromises, the vast majority were limited to IT applications that are needed for meaningful operations. 

  • While good OT cybersecurity is essential, it isn’t enough to prevent operational disruptions. Cyber resilient operations require broad-based security across IT and OT.

New Regulations and Compliance Requirements

  • New cybersecurity regulations in the USA, Europe, Australia, etc. with mandatory compliance requirements.

  • Significant fines for non-compliance and increased compliance reporting.

  • SEC increased cybersecurity reporting requirements. 

  • Court cases suggested that top managers will be facing more liability for cybersecurity incidents.

Cyber Risks of Digitalization Programs

  • IoT devices, cloud and edge solutions, and connected workers are continuing to expand the attack surface.

  • AI is expanding the scope that industrial cybersecurity teams will need to address.

Changes in OT Cybersecurity Strategies and Programs

  • Risk Management

    • Increased interest in integration of IT, OT, and safety cyber risk management.

    • Increased focus on making operations maximally resilient to cyber-attacks.

  • Program Management

    • Increased number of programs focused on converging (integrating) IT and OT cybersecurity programs.

    • Increased CISO oversight of security across all corporate systems and operating facilities. 

    • More targeted, agile deployment of cybersecurity resources to the company’s most critical issues.

Changes in User Cybersecurity Interests and Needs

  • Cybersecurity platforms that facilitate efficiency and solution rationalization.

  • Automation of security tasks and reduced need for cybersecurity expertise. 

  • Solutions that support monitoring and reporting for new compliance requirements.

  • Visibility with context that facilitates rapid response to suspicious events.

  • Networking with isolation and virtual patching of individual assets.

  • More comprehensive and flexible service offerings.

Changes in Industrial Cybersecurity Solutions

  • Visibility Solutions – Asset Inventory

    • More comprehensive coverage of assets (IT, OT, IoT, IIoT, and IoMT).

    • More complete asset coverage for network segments without firewalls.

    • More detailed information about assets – Passive and Active Scanning, Agents.

  • Network Security Solutions

    • More granular segmentation capabilities (micro-segmentation).

    • More granular policies – users, devices, and protocols.

    • Enhanced NGFWs with Industrial Protocol support, virtual patching, zero trust.

  • Secure Connectivity Solutions

    • Enhanced Secure Remote Access that supports OT-specific requirements.

    • IoT Gateways for collecting, transforming, and securely sharing OT data.

  • Visibility Solutions – Anomalous Behaviors

    • Use of AI/ML to reduce false positives.

    • New solutions that detect anomalous user and process behaviors.

    • Increased interest in industrial decoys (PLCs, HMIs, etc.) to trap attackers.

  • Vulnerability Management

    • Consolidation of security management capabilities and use of SaaS solutions to reduce costs and complexity. 

    • Expansion in risk factors and techniques like attack simulation to focus efforts. 

    • Broader support for IoT firmware, passwords, certificate management.

    • More emphasis on operational resilience and backup management.

  • Threat Management

    • Better alert contextualization based on user role, Purdue model, connectivity, etc. 

    • More focused use of AI/ML, analytics, event correlation, etc. to accelerate response.

    • More features for efficiency and reduced need for cybersecurity expertise.

    • ETHOS open-source consortium for broader sharing of threat information.

 

ARC Advisory Group clients can view the complete report at the ARC Client Portal.
