Resources / Blogs / Industrial Security Search Our Industrial Security Blog

Many of us are familiar with the infamous video of thehacking at the Ukrainian power station in December, 2015that caused a blackout impacting a quarter million peoplein the area. As the hackers remotely took control of theirworkstations, the plant systems operators could do littlemore than record for posterity the activity that they sawon their PC screens with their mobile phones. So now, anyof us can go over to YouTube and watch in horror alongwith the operators as their cursor moves around theirscreen, maliciously clicking commands and trippingbreakers in various substations. Of significant interest, asthey helplessly watch the screen activity that wasadvancing their power station inevitably toward doom, wehear one operator say to the other “We should call the ITguys,” to which his colleague quickly replies “What if it’sthe IT guys doing this?”

I’d like to give kudos to both gentlemen—the first, forthinking of the resources and expertise of his ITcolleagues in the heat of the moment, and the second, forso effectively and dramatically illustrating a concern thatis so much in discussion today—the ambivalence and lackof understanding that can exist between OT and IT

Related Posts

CyberSecurity: TheCornerstoneof IIoTAdoptionAugust 16th,2017

IT/OT Convergence Means GreaterResources for Both

Robert Landavazo 7/11/18 IIoT

Broadcast Data Center Digital Building Industrial Ethernet Industrial Security Subscribe

Products Solutions Resources Partners

Support

LogIn

of understanding that can exist between OT and ITcolleagues.

Moving towards a new era of cooperation

As industry works – with varying degrees of success – tocreate a new world of IT/OT convergence and partnership,with the previously distinct lines and silos between theroles and responsibilities of each becoming more blurred,it pays to keep the comments of the Ukrainian operatorsin mind. If there had been greater teamwork between OTand IT in the plant in the months preceding, might theattack have been avoided or been mitigated in some way?

Whether or not that would have been the case, there are,unfortunately, more and more opportunities to ask thequestion. There has been a sharp increase in cyberattacks against industrial control systems, including arecent one that targeted plant safety instrumentationsystems in the oil and gas industry. It’s a disturbingincrease in the level of maliciousness to think that humanlife could be targeted and not just equipment. Anotherfrightening portent of possible things to come relates to arecent technical alert sent out by the U.S. IndustrialControl Systems Cyber Emergency Response Team (ICS-CERT). CERT warned that a hacked schematic of an 8.8megawatt turbine belonging to an American power plantwas retrieved from a Russian command and controlserver. Conjecturing what that could mean is a very scaryexercise. (However, on the positive side, gettingforewarned with this information is the first step towardsbeing forearmed, so it’s a good opportunity for me toreiterate that if you are not yet subscribing to theoutstanding alerts, advisories, reports and other

Topics

ICS Security

SCADA Security

Industrial CyberSecurity

Industrial Security

PLC Security

IndustrialNetworking

IoT Security

Industrial Firewall

Industrial NetworkSecurity

Stuxnet

Strengtheningthe SecurityPosture ofCritical EnergyInfrastructures– ConversationwithEnergySec’sNew PresidentSteve ParkerSeptember20th, 2016

IndustrialNetworking:5 Steps toBenefittingfrom the IIoTDecember2nd, 2015

View More

invaluable resources from ICS-CERT, do so right now!)

In late 2017, Belden’s Tripwire group once again teamedwith SANS Institute on their annual survey of ICS andplant operations engineering professionals to helpprovide a little insight. Among the disturbing findings:nearly 70% of respondents—insiders all—consider thecurrent threat to their systems to be high orsevere/critical. Their biggest single concern, they report,are devices unable to protect themselves being added tothe network. A top attack concern is ransomware, which isexploding, with levels nearly doubling year over year. Thisis the environment that we are in today.

Leverage the expertise on the other side of the house

While we at Tripwire and Belden have many OT clientswith fairly sophisticated cyber security resources, I believethat certainly, for the vast majority of organizations, thebulk of cyber security expertise resides in the ITdepartment. After all, they have been doing it far longerthan their OT colleagues and have been building expertiseand organizational infrastructure over decades. And that’sgood news—it means that OT doesn’t need to reinventthe wheel and build a new organization from scratch.Instead, they simply need to bridge the gap between ITand OT to accelerate their ability to ward off escalatingthreats and continue bolstering their cyber security.

IT has plenty to learn from OT as well. OT’s earnedexpertise in prioritizing uptime and resiliency can nodoubt find applications in other areas of the organization,as can their unrelenting focus on safety. Safety, of course,had never before been a driving priority in the IT world,but it’s something that will need to become morepronounced as the silos between IT and OT inevitablycrumble.

So how can OT and IT pros ease the transition? In aperfect world, of course, the drivers will come from seniormanagement, who create the structure of theorganization and codify expectations in formal policy andprocedure “bibles” as well as in directions to their staff.But more informally, each of us can work to get to knowcolleagues on the other side of the “T” and reach out tothem for relevant advice, never forgetting that there is avital human element to the IT/OT convergence as well as atechnological one. Maybe ask OT or IT managers to set upjoint meetings focusing upon common goals. Ifappropriate, perhaps even ask for an embeddedcolleague; for example, an IT cyber security expert on full-or part-time loan to help with OT challenges. Allorganizations are different of course, but the OT/ITconvergence will no doubt be looked back upon as aturning point in industry’s fight for cyber security andfurther harnessing of technology for business success.Being an early, proactive leader in that regard certainly, ingeneral, seems like a good role to be playing.

For a look at some other cyber security trends andbusiness challenges, view our on-demand webinarChallenges and Checklists: Defending Control SystemCyber Assets.

We at Belden and Tripwire work with a lot of differentorganizations in varying stages along the IT/OT

organizations in varying stages along the IT/OTconvergence continuum. We might be able to provideinsight to issues you may be having. Call us and we’ll beglad to start a dialog.

Related Links

Blog: 70 Percent of Energy Security Pros Fear DigitalAttacks

Blog: How Plant Operators Can Overcome the Lan-guage Barrier to Securing OT Environments

Blog: The Human Attack Surface: The Weakest Linkin Your ICS Security

White Paper: Network Security

eBook: Industrial Cyber Security for Dummies

PREVIOUS POST70 Percent ofEnergy SecurityPros Fear DigitalAttacks CouldProduce a“CatastrophicFailure”

Robert Landavazo

Robert Landavazo is a Systems Engineer at Tripwire where hefocuses on helping customers secure their Industrial ControlSystems. He has a background in in the electric utility sector,most recently working to implement a NERC CriticalInfrastructure Protection (CIP) internal compliance programleveraging Tripwire’s own product suite. While at this utility,Robert worked in Operations Technology to support SCADA inDistribution, Transmission and Generation. Prior to his tenurein utilities, Robert worked in Public Safety, managingemergency communications infrastructure like NextGeneration 911, IP Radio and Computer Aided Dispatchsystems.

CommentsFirst Name*

Last Name

Email*

Website

Comment*

Subscribe to follow-up comments for this post

Additional information regarding Belden’s data privacy policies,including how to withdraw consent, is available atBelden.com/about/privacy.

By clicking subscribe below, you consent to allow www.belden.com tostore and process the personal information submitted above toprovide you the content requested.

protected by reCAPTCHAPrivacy - Terms

Yes, I would like to receive marketing information from Belden Inc. and itsaffiliates, subsidiary companies and brands indicated below. I thereforeprovide my consent to the use of the personal information submitted here forthe purpose of providing me marketing information related to Belden and itssubsidiaries’ products, services and marketing events. I understand that I maywithdraw my consent at any time.Belden Inc. affiliates, subsidiary companies and brands include: Alpha Wire;Belden Deutschland GmbH; Coast Wire & Tech; Hirschmann Automation andControl GmbH; GarrettCom; Grass Valley; Lumberg Automation, Poliron; PPCBroadband; ProSoft Technology; S-A-M (Snell Advanced Media); Softel Ltd.;Thinklogical; Tofino Security; Tripwire; and West Penn Wire.

Submit Comment

QUICK LINKS

Contact Us

Online Product Catalog

Find a Distributor

Find an Installer

Training

ABOUT BELDEN

Career Opportunities

Corporate Governance

Corporate Responsibility

Investor Relations

Locations

Our Brands

WHAT'S NEW

Blogs

Events & Promotions

New Products

News

BELDEN SITES

Belden APAC

Belden Brands

Belden Canada (French)

Belden EMEA

© Copyright 2018 Belden Inc. Terms of Use Terms of Sale Privacy Contact ! " #