Cyber resilience trumps cyber security for industrial control systems
Starting the conversation on the topic of cyber resilience allows one to dodge the preconceived notions associated with cyber security
I was reminded by a customer recently that “Reliability is King”. The context of the conversation was in regard to the frequency of installing Microsoft security patches to the operational technology (OT) environment of a power generation plant. His assessment of risk to operations dictated a hands-off policy resulting in two years of patch Tuesdays having come and gone with no apparent downside to the decision. In his opinion, IT cyber security measures are a greater threat to operations then malicious actors.
I surveyed 200 customers in February to gain insight into their perception regarding the magnitude of the cyber threat to operations. “How many times in the next five years will your plant experience a forced outage due to a cyber incident?”. Implied in the question is the malicious intent of the threat actor to cause harm to the operation. Thirty-one percent (31%) estimated zero (0), forty-six percent (46%) estimated 0-1. Following these results was speaker Mark Bristow of ICS-CERT who profiled 295 reported incidents for the audience. Not to worry though, it won’t happen in power generation.
When I bring up the topic of “cyber security” with those responsible for maintaining ICS I often receive similar feedback. However reliability is threatened by other OT digital hazards that silently or otherwise degrade system performance, going undetected until an operational impact results and the troubleshooting panic ensues. In a study conducted by SecurityMatters and presented at the S4x16 conference, the number of OT digital incidents was 100:1 to cyber security incidents. These incidents would have gone undetected without the visibility afforded by the cyber security measures employed.
The OT and supporting network infrastructure needs to be as resilient to device misoperation, misconfiguration and misuse as the industrial process is to component failure. Implementing a cyber resilient ICS architecture with the instrumentation to detect digital anomalies and aid in rapid response enables reliable operations to continue while the OT is under duress.
Starting the conversation on the topic of cyber resilience allows one to dodge the preconceived notions and/or negative connotations associated cyber security within ICS . It also more closely aligns with the day-to-day reality of an I&C manager and gets the discussion going in the right direction.