The Industrial Control Systems Working Group (ICSJWG) is meeting in Cincinnati this week.
Security conversations with OSIsoft customers, partners and industry subject matter experts have been excellent! In private we hear many corporations struggling with security programs. Stories about actual incidents that used to be rare are becoming more common. To mimic today’s keynote presenter Robert Lee of Dragos Security, threat activity groups targeting industrial networks are real jerks!
Rob suggests implementing a solid data collection strategy for your industrial networks. Also note Microsoft's Jessica Payne published articles about building the attackers playground. You don’t get to choose if you will get attacked or not but you do have control over the target environment.
Given today’s threat landscape patch management is common element of your security program. My presentation at ICSJWG focused on patching from the perspective of our overall ecosystem, standards, regulations, and emerging trends. There are many pro and con observations about patching ICS, however it seems almost certain the status quo is changing.
You can view the prezi here. A shameless nudge from INL's Andy Bochman to spark interest.
Thanks to those who attended ICSJWG in Cincinnati and the interesting conversations!