I am kicking off a new research series on critical infrastructure protection.  This first report is titled: “Brief: S&R Pros Can No Longer Ignore Threats To Critical Infrastructure.”  

Critical infrastructure is frequently on my mind, especially the ICS/SCADA within the energy sector. I live in Texas; oil and natural gas are big here, y'all. I'm just a short distance away from multiple natural gas drilling sites. I cannot help but think about the risks during the extraction and transport of this natural gas. North Texas has seen an attempt to bomb the natural gas infrastructure. In 2012, Anson Chi attempted to destroy an Atmos Energy pipeline in Plano, Texas. As a security and risk professional, I wonder about the potential cyber impacts an adversary with Chi's motivations could have.

Others are worried as well. Given the market opportunity around CIP, it isn’t surprising that vendors are rushing to provide products and services to address the need. Many of these vendors lack experience working with Operational Technology (OT) and are taking a traditional information security approach to solving the problem. It isn’t uncommon to see a vendor promoting a traditional network security solution such as intrusion detection or intrusion prevention as being “critical infrastructure/ICS/SCADA ready,” when in fact the solution doesn’t speak the protocols typically seen in these environments. You know the saying: "You can put lipstick on a pig, but it is still a pig." In the report, I provide a list of product vendors and consultancies that possess the actual expertise to help you secure these OT environments. In addition, I discuss:
  • Threats to your critical infrastructure.
  • The Lockheed Martin acquisition of Industrial Defender as well as the General Electric (GE) acquisition of Wurldtech.  
  • The unique nature of providing security within OT environments. 

Let me know what you think. 
