Our firm focuses on improving production and/or safety, while ensuring cyber resilience. We frequently point out that design issues, misconfigurations, and other human related issues represent the largest risk to production and safety. But lately, cyber risks like Petya are elevating in frequency, impact and risk.
Ransomware like Petya and WannaCry are happening at an ever-increasing clip, and can be debilitating. Others, like Stuxnet and CrashOverride are crossing into the physical realm, with the ability to take down entire power systems or worse.
This also marks the point in time where plausible deniability goes out the window. We have now seen a chain of events building up in frequency, intensity, and consequence. It is all out there for senior officers to see. So, the question is – to what extent will shareholders and other regulatory bodies hold officers responsible for knowing the risk that exists, yet not taking proper steps to protect, detect, and remediate?
Final point - its easy to say that industrial companies should be patching Windows systems. But the reason operators don't risk patching those systems is due to the fear of those critical systems afterwards not reinitizlizing properly and the negative consequences of that failure. To combat this, mature solutions like NexDefense IntegrityTM and others provide deep visibility that is performed 100% passively so as to ensure there are no blind spots or unnecessary downtime. These systems know what normal looks like and can easily detect and alert to problems as they occur, minimizing impact and speeding remediation. Better yet, these solutions are purpose built for ICS environment, which is a must. Given the threat landscape that is playing out in front of us, there's simply no excuse for denying investment into detection, prevention and forensics capabilities. Most systems cost an infinitesimal fraction of a single hour of production downtime or of a human life.
NexDefense empowers industrial control system operators with the real-time knowledge needed to improve system and process integrity, and ensure cyber resilience. The 2016 Entreprenueral Award Winner, NexDefense has been recognized by Frost & Sullivan and others as the market leading Industrial IoT and industrial cyber security solution, with deployments across mission critical networks in utilities, oil & gas, defense, manufacturing, water/wastewater, pharmaceuticals and more. For more information, visit http://www.nexdefense.com/.