Why Read This
For years, security and risk (S&R) professionals have focused almost exclusively on protecting the organization's sensitive information resources, such as customer data, intellectual property, and trade secrets, and the systems that process and store this information. Until recently, S&R largely ignored the organization's operational technology and automated systems. As organizations instrument, automate, and interconnect these systems to improve safety, improve service reliability, reduce costs, and generate new sources of revenue, they do so with more sophisticated software and network connectivity. If something is controlled via software and connected to a network, it will be compromised. Now S&R pros must worry about how they will protect the integrity and availability of gas pipelines, power grids, and medical devices, just to name a few examples. As the Internet of Things explodes, S&R pros will have to contend with the security and privacy of a plethora of connected things; in this brief, we focus on the cybersecurity of critical infrastructure and industrial control systems found in the energy, waste water, and chemical industries.