




















Sid Snitkin, who leads ARC’s cybersecurity team, gave an opening presentation for the day of cybersecurity workshops at the 24th ARC Industry Forum in Orlando. ARC has been conducting cybersecurity workshops at this event for the last nine years. It began with a small group of about 25 people who discussed the standards and issues prevalent at that time. Now, the event draws a standing-room-only audience. Others on ARC’s cybersecurity team, including Larry O’Brien, Eric Cosman, and Mark Luciw, helped to manage many of the day’s sessions.
Following the introduction, Sid discussed a variety of developments and trends that continue to drive the market for industrial cybersecurity products and services. Sid’s presentation can be viewed here on YouTube.
Most companies know what to do when it comes to protecting their plants against conventional cybersecurity threats. “Today, the whole problem is getting bigger and harder to manage. The threat landscape is simply getting tougher and more sophisticated,” said Sid. In addition, human resources are lacking, the risks of sophisticated attacks are increasing, ransomware is increasing around the world, and cyber warfare has become a reality. These developments mean that industrial cybersecurity strategies need to look beyond attacks on plants. Industrial companies also need to worry about protecting IT systems and supply chains.
While the outside threat environment is challenging, changes happening within plants and within the industrial infrastructure are creating additional vulnerabilities. “It's not just insecure devices, it's also about connectivity and new platforms.” More technology is being infused into solutions, and suppliers need to manage this equipment and its security. As digital transformation efforts change the status quo, companies need to ensure that they have one consistent security policy across all those domains and across those applications. This is especially challenging when companies have apps that span IT, OT, IoT, mobile devices, and devices that interface with many different sources of information at one time.
Sid closed his discussion with some comments about the ARC cybersecurity maturity model. Each step in this model has an associated set of people, processes, and technologies that are required to accomplish its goals. The model structures industrial/OT cybersecurity as a sequence of steps that organizations should take to build a cybersecurity program that meets their risk management goals. The model’s incremental nature enables managers to balance program costs with their company’s respective tolerance for risk. It also helps communicate the specific security benefits of different technologies and the need for coordination between the implementation of technology and the organization’s investments in security management technology, processes, and people.