Industrial security may benefit from listening to the data
Growing into the field of industrial control systems (ICS) or operational technology (OT) security has been an exciting journey. The field is still relatively young, and as we watch its challenges gradually become more complex, every day brings new questions and issues to address.
However, if there is one important topic that I feel has been largely ignored across this specialized community, it is data. As we continue to search for ways to protect organizations from cyber-physical attacks, it is important to remember that data can be very powerful when we work with it properly. That is, when we understand what information can help us make better decisions, how we can collect it, and how we can communicate it so that it benefits our peers.
Fortunately, as we watch the industrial security market mature, data is playing an increasingly important role. Newly released security products are visibly working through the process of collecting, processing and sharing information. Researchers are beginning to identify and consolidate sources of data for their organizations and other peers to share and repurpose.
From my side, I have been able to design and collaborate on some projects that illustrate this value. While I unfortunately cannot share the wonderful projects I am working on at the moment, I thought it was possible to share some thoughts based on blogs that my team has recently released.
Call to Action: Mobilizing Community Discussion to Improve Information-Sharing About Vulnerabilities in Industrial Control Systems Critical Infrastructure: This academic research paper, which I presented at CyCon 2019, shows the value of user-centered design based on the inputs from a survey distributed across the industry to learn about information sharing and ICS vulnerabilities. The insights are only hints at what we could do to address major challenges in sharing and consuming data related to OT security.
ICS Tactical Security Trends: Analysis of the Most Frequent Security Risks Observed in the Field: This blog post exemplifies the useful insights we were able to obtain and share by restructuring the data we acquire from industrial health checks, and by describing our observations at a strategic level.
Monitoring ICS Cyber Operation Tools and Software Exploit Modules to Anticipate Future Threats: This blog post illustrates our analysis based on the collection of data across multiple sources on software exploit modules and tools specifically intended to interact with OT equipment.
The FireEye OT-CSIO: An Ontology to Understand, Cross-Compare, and Assess Operational Technology Cyber Security Incidents: This blog post illustrates the process we followed to define a methodology for categorizing and analyzing incident trends.
As we have continued to work on these types of projects, it has become ever more obvious to me that data on industrial security is a gold mine. Those who take the time to identify where to obtain it, how to obtain it, and how to distribute those collections are likely to get lucky over the next couple of years.