Andrew will begin with a 10-minute introduction to his controversial approach to ICS security and architecture that he calls Secure Operations Technology (SEC-OT). After that, Dale will interview Andrew and give him the chance to address some of the common objections to this approach. (Note: this session and the next session on the security benefits of hyper-connectivity form a great point/counterpoint to consider for your ICSsec program.)
Andrew’s Position: “IT-SEC = ‘protect the information.’ SEC-OT = protect physical operations from information – more specifically from attacks that may be embedded in information. SEC-OT practitioners observe that important industrial sites always have physical and cyber perimeters and that every information flow past those perimeters is an attack vector. SEC-OT therefore prioritizes thorough, physical, offline and online network perimeter protections and relegates conventional software-based IT protections to secondary roles. Most IT security practitioners though, and many OT practitioners as well, regard SEC-OT principles as archaic in an era where Internet connectivity and cloud-based decision making are reaching into even the most sensitive industrial components. SEC-OT practitioners counter that all software can be hacked, even secure-by-design, secure-boot, root-of-trust IIoT software, and further argue that IT-style intrusion detection takes time and that environmental catastrophes, human lives and damaged turbines cannot be restored from backups, the way compromised IT assets can be.”
This presentation is a summary of, and defense of, SEC-OT principles for an ICS audience from the author of the new book Secure Operations Technology. Complimentary signed copies of Andrew’s book will be available to S4x19 attendees in the lobby on Tuesday.