The debate panels at CCICon2 were among my favorites. Let’s face it… panel discussions can be a bit dry without an alternate point of view!
“Learning from Cybersecurity Incidents in the Industrial World” generated differing perspectives on prevention, detection, and response. Prevention and response activities often involve patching.
My presentation hinted at a series of vulnerabilities with available exploits targeting 3rd party library components used by many industrial control system HMIs. Fortunately, updates for the 3rd party library are available.
Many critical infrastructure operators successfully apply these patches in coordination with supplier qualification. However we also observed ‘sticky’ cases where commercial and/or technical factors blocked deployment of updates.
In these cases some turn to perimeter defenses to protect the fragile HMIs. Opening day 2 of the Congress, Claudio Caracciolo highlighted just how inventive plant operation staff can be in circumventing perimeter defenses. He emphasized human and cultural factors as more important than the technical gadgetry.
One leading organization mentioned yet a different approach. Since HMIs are prone to human induced problems (regardless of cyber or not) the plant invested in a resilient design with a rapid restore capability. If problems are detected on the HMI, operators switch over and the suspect HMI station is simply restored to a known good image.
In summary, it takes a lot to keep cyber incidents at bay and it seems everyone has an interesting approach. The Congress is an ideal forum for sharing what works and what doesn’t.
Thanks for organizing a successful Congress and I look forward to future activities with CCI.
Bryan S. Owen PE
OSIsoft LLC – Cyber Security Manager