Most industrial organizations are behind the curve when it comes to cybersecurity, facing mounting complexities like the IIoT, the skills gap and the IT/OT divide. But what about industrial organizations that are already taking steps in the right direction and need to know what awaits them on the horizon? What practical next steps can your organization take to optimize your current ICS cybersecurity program? What new threats and trends are emerging that you can get in front of now in order to meet the future well-prepared?
These were the questions that a Tripwire sponsored webcast answered on November 12th, 2019. The webcast was moderated by Tripwire’s Tim Erlin and included Kristen Poulos, VP for Belden’s Industrial Cybersecurity; Matthew Luallen, executive inventor of CYBATI and certified instructor for the SANS Institute; and Joseph Blankenship, VP Research Director for Security and Risk at Forrester, as speakers.
The three panelists focused on four themes: visibility, network segmentation, defense and response, and responsibility and accountability. Here is their advice.
Visibility, the need to understand what is in your environment, is a critical topic not only for industrial cybersecurity but also for all IT security because it allows the organization to understand their environment and the assets attached to this environment. Focusing on the ICS environment, having visibility into your assets is crucial because many ICS assets can create threats and vulnerabilities to other assets within your organization. It is therefore important to understand the vulnerable nature of those assets to implement the appropriate security strategies and policies to mitigate these vulnerabilities.
In addition to asset discovery, visibility is important to understand the network traffic between your assets as well to be able to shut down any data flows that are not legitimate. How do you know if data (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Anastasios Arampatzis. Read the original post at: https://www.tripwire.com/state-of-security/ics-security/from-good-to-great-building-on-ics-security-basics/