When I first became interested in ICS/OT cybersecurity, it was 2010 and news about Stuxnet had been made public. Stuxnet was a piece of malware designed to infiltrate a uranium enrichment facility in Iran and physically destroy the enrichment centrifuges used to ultimately make nuclear warheads. Stuxnet was not only a technical marvel, but it was also the first known piece of malware to target Industrial Control Systems (ICS)/Operational Technology (OT).
ICS and OT systems are computers that move things in the real world. From power plants that generate the electricity and water treatment facilities that are responsible for clean drinking water to factories that turn out insulin injections and commuter rail that gets people to and from work safely, ICS/OT systems power the world around us.
Fast forward to 2023 and these specialized types of systems are under more cyberattacks than ever before. The number of attackers has increased, leading to a continued increase in attacks which threaten to take these unique facilities offline.
If a cyberattack took a plant offline for three hours, we could make do.
But what about three days? Or three weeks? Three months?
When we start to realize the impact of losing any of these environments, the consequences to the world around us increase substantially. This is one of the main reasons I started recently posting on LinkedIn, to raise awareness of the need for cyber resilience in industrial sites that the people depend on to live their lives.
I have been very fortunate to be able to have some great conversations over the last couple of months since starting to actively post, being able to share with others and learn even more in return!
For those that are interested in learning more about ICS/OT cybersecurity, here are the top 10 posts I have written based on the number of views:
- Connecting Active Directory in your IT environment with your ICS/OT environment? Just don't do it!
https://rb.gy/6md81 - What is the main focus for cyber security between ICS/OT and IT?
https://rb.gy/vk2a9 - ICS/OT Cyber Security Certification Paths
https://rb.gy/8vubf - My Top 5 Sources for ICS/OT (& IT) Cyber Security Vulnerabilities
https://rb.gy/z0qka - Nmap scanning for ICS/OT Networks
https://rb.gy/nxuhq - Looking for resources to get started in ICS/OT Cyber Security?
https://rb.gy/h0v4g - What the heck is... the Purdue Model in ICS/OT cybersecurity?
https://rb.gy/wo35c - Top 10 ICS/OT Cyber Security Controls
https://rb.gy/s3t4b - Mandatory Reading: The Verizon Data Breach Investigations Report
https://rb.gy/e3qed - How to talk to the business about cyber security in ICS/OT?
https://rb.gy/te3em
Thank you for taking the time to read this article, which I hope has helped in spreading the word on the need for ICS/OT cybersecurity! If you ever have questions about ICS/OT (or IT) cybersecurity, please do not hesitate to reach out on LinkedIn: linkedin.com/in/mikeholcomb.
For more on this topic, register to attend the SecureWorld Manufacturing virtual conference on August 23rd. Registration is free, and attendees can qualify for 5 CPE credits. See the agenda here.
