Join the Portland ISA chapter online to learn about the cybersecurity (or lack thereof) of industrial control systems in critical Infrastructure has always been an open secret. Back when OT systems were disconnected from the rest of the Enterprise, there was some advantage of the ‘air-gap’, and ‘security by obscurity’ due to custom-built hardware & software in conjunction with proprietary protocols. Further, criminals had other softer targets so unless an organization had to worry about IP-theft or (limited, mainly NERC-CIP in Power) regulations, most firms didn’t have to worry about the lack of even basic security defenses in OT such as authentication, encryption etc.
All that is history. The interconnectivity brought by increased digitization and Industry 4.0, mixing networks with IT systems (ERP, Billing etc.) meant that OT and the increasing IoT implementations pose a significant risk to organizations, as demonstrated in recent high-profile Ransomware and APT activity. Therefore Security & Visibility solutions such as those provided by Nozomi Networks that are purpose-built for OT and IoT systems are now utilized for maintaining accurate asset inventory, identifying key vulnerabilities and monitoring the active threat landscape as part of an Enterprise Risk Mitigation strategy.