Security issues are still facing ICS and SCADA systems, it is claimed, ahead of SANS’ 2014 European ICS Security Summit.
Michael Assante is SANS project lead for Industrial Control System (ICS) and Supervisory Control and Data Acquisition (SCADA) security. He says: “We are starting to see ICS capable threats and a series of incidents that have been specifically targeted against ICS environments.
“There is now a greater ICS connectedness to business, third-party networks and cloud services that can be exploited by attackers [while the sector still] lacks integrated engineering, ICS technical and cyber security specialists to reduce the attack surface and implement monitoring and effective response capabilities.” Assante was previously Vice President and Chief Security Officer of the North American Electric Reliability (NERC) Corporation, where he oversaw industry-wide implementation of cyber security standards across the continent.
In Assante’s opinion, the attacks are becoming more organised as higher profile incidents are being reported and threats discovered. “The recent Havex trojan had an ICS module and was deployed by compromising ICS supplier webpages. Industry will need to assign the responsibility of ICS security and develop and equip multi-discipline teams to harden their environments and develop effective security operations,” says Assante, but adds, “many are at the early stage of trying to identify all of their ICS assets and assign responsibility.”
Assante believes that governments are finally “getting their hands around the issues and the reasons why the market is driving certain behaviour” and applauds the free resources available to help develop security efforts. “More can be done in the form of shared research and resources and effectively disseminate information regarding vulnerabilities and threats,” he adds.
As the ICS lead for SANS, Assante is helping to shape the upcoming SANS 2014 European ICS Security Summit in Amsterdam, on September 21 and 22. The summit covers new threats, initiatives, and protection strategies.
At the heart of the event is ICS410: ICS/SCADA Security Essentials, a five-day training course of standardised skills and knowledge for industrial cyber security. The course has evolved since its creation, “The ICS410 course has always had a ‘defenders’ focus, teaching both engineers and cyber security professionals how to build an effective security program that works in the challenging application of control system technology to production environments,” says Assante, “Expert and student feedback has helped the course authors provide detailed methods and specific knowledge to help students overcome real world ICS security challenges.”
“This course is the ideal preparation for the Global Industrial Cyber Security Professional (GICSP) certification. The GICSP is used to certify ICS security essentials for Engineering, Operating Technology and Cyber security specialists. These are the teams and right mix of competencies that will make a difference,” Assante adds.
For more on SANS’ 2014 European ICS Security Summit or to register, visit: http://www.sans.org/info/166502.
