A common best practice in any field is to benchmark performance or results against industry norms.
Based on comparison results, adjustments or business decisions can be made. In the case of industrial control systems (ICS), security benchmarking is a challenge because there isn’t a lot of data available and it’s not as extensive or granular as sometimes needed.
Some information is available through government bodies, consulting firms, security vendors and conferences. Unfortunately, design architects and operations engineering staff who work with plant networks, endpoints and control systems don’t always have access to current trends or interpretations of what those trends could mean for their day-to-day work.
An organization you should become familiar with is the SANS Institute
. It's a large US-based organization that specializes in globally cooperative research and education on cybersecurity. It started out years ago with an IT focus that dealt primarily with U.S. security concerns, but over the years, its work has become peer-reviewed and globally sourced, with a consortium of over 50 global advisors participating to date.
(publicly disclosed in 2010), SANS began a highly regarded ICS-specific practice of providing ICS/SCADA professionals with cybersecurity training for their plant environments. It also offers industrial cyber security professional certification
and conducts an annual survey that's open to global industrial organizations. Survey results are published in a written report and presented in a webcast.
Tripwire and Belden sponsored this year’s report. Both have experts who combine survey results with field perspectives in a fresh webinar designed to offer you the best of this year’s report highlights.
Join Tim Erlin, Jeff Lund and Katherine Brocklehurst as they discuss how to invest a 20 percent effort to gain 80 percent operational benefits of the most common ICS cybersecurity risks.
Key highlights include:
- Plant personnel are concerned that investments in technology have given managers a false sense of security, while a lack of resources and security management tools are undermining the effectiveness of those technology defenses.
- There's a lack of cybersecurity expertise in the plant and distrust of IT assistance.
- The security of critical infrastructure has been jeopardized by cultural roadblocks.
The advantage of the SANS survey results are that they are ICS-specific and quantitative. They also identify changes that have occurred over time in cyber security challenges and practices over time. Finally, the survey report includes specific sector-focused recommendations that should be evaluated for your own cyber security programs.
and receive the report following the webinar.