Many of the ideas in this article are shared by other thought leaders in the industry. The main theme from the article is that due to the inherent flawed design of the Internet, there will be a resulting lack of assurance for industrial control systems connected to it. No amount of resources or spending will completely shield you. There is no silver bullet and no one is ever completely safe.
Idaho National Laboratory proposes an effective method reducing likelihood of compromise to critical systems: “Identify the functions whose failure would jeopardize your business, isolate them from the Internet to the greatest extent possible, reduce their reliance on digital technologies to an absolute minimum, and backstop their monitoring and control with analog devices and trusted human beings.”
Elon Musk recently tweeted something about humans:
Mr. Bochman takes care to communicate that the approach to do this needs to be very deliberate.
Reliability, resiliency, efficiency, and safety are major concerns to critical infrastructure. If an ICS system could affect the safety of hundreds, the economic stability of millions, then consider analog monitoring as an additional component and trust the human. If an ICS system has a lower impact to critical infrastructure, connect the system (at your own risk!), but apply appropriate controls around the system after determining the consequences a compromise of the system will have and implementing controls to reduce the risk.
Three things make this a radical idea:
- This approach tends to run contrary to industry trends in digitizing everything.
- How feasible is it to slow down or reverse a major industry trend?
- Trusting the human.
It will be interesting to follow the concept as it matures and more use-cases are studied. Actions that can be taken today are called out in their consequence driven approach to managing ICS risk. These are cybersecurity best practices.
- Identify your crown jewels
- Understand your architecture
- Determine likely attack vectors
- Implement security controls
Not in their article, but a good idea:
- Continually assume that answers to 1 thru 4 have changed, or were never correct. Implement a process to continually challenge assumptions.