Cyber attacks on critical infrastructures are constantly increasing, driven by geopolitical conflicts as well as the long-standing problem of poorly secured devices that remain exposed and unprotected on the public internet.
But with cyber attacks on water treatment plants increasing and the US federal government issuing a high-profile warning regarding China's plans to destroy US critical infrastructure, the stakes could not be higher to protect existing ICS/OT systems.
Irfan Shakeel, Dubai-based vice president of training and certification services at cybersecurity provider OPSWAT, spoke to Dark Reading about what he sees as a knowledge gap in protection of critical infrastructures – and how the Middle East and Africa region is poised to improve cyber defenses in its ICS/OT networks. (OPSWAT offers certification in critical infrastructure protection).
Dark Reading: Why are we seeing greater urgency in protecting industrial networks in the last year?
Irfan Shakeel: Previously, all IT [networks in these organizations] were being attacked, but now the OT [is under attack]. The challenge organizations face, especially for the OT environment, is that most systems are legacy and we need to think about OT from the OT perspective; we can't manage OT from an IT perspective.
So, regarding cybersecurity challenges: yes, cyber attacks are growing and attackers are targeting the OT side of the operation… [attackers] know that OT is the weak point.
DR: What type of security training and certification is available for OT defenders?
Shakeel: In the IT training environment, we have tons of training courses available online and offline, and universities are also focusing on IT cybersecurity. However, regarding OT security, [the industry does] not have adequate education or training available in the market. That's why in most organizations people doing OT are unaware of how to secure their OT environment.
They are really good at operations management, but they don’t know the security challenges and how to properly design, or securely design, the architecture of the OT environment.
If we train people properly, if we give them the right skills, knowledge and up-to-date resources on the evolving threat landscape and evolving cybersecurity challenges, they will be able to effectively protect their environment.
Without proper education or training, they will not be able to do this.
DR: What resources are available to security teams in this area?
Shakeel: [With] SCADA systems and other devices such as programmable logic controllers (PLC) … even if you search online, you will not find information on how to correctly or safely configure Siemens models or PLCs.
You can find the guides available in Siemens [documentation], but most people don't really read documentation. That's why we need an easy-to-use way to teach them – to teach them how to configure a specific device or how to ensure their PLC transmits or sends data securely via a channel to other OT devices.
People also need to figure out how to encrypt their data, because most communications still happen in plain text [in these environments].
Typically [OT] should be an isolated network and should not be available online… [when it is] it's basically your organization welcoming attackers: "Hey, come see what kind of devices we're using and check that our devices are properly patched."
DR: From a Middle East and Africa perspective, what is the state of OT security?
Shakeel: In the Middle East and Africa region, the entire cybersecurity market is growing… and now organizations are focusing on… protecting their organizations.
OT in the Middle East region is very important, especially in the energy sector and oil and gas fields. After the Saudi Aramco [attack], they have realized that cybersecurity is critical to keeping their businesses operational.
The attack on Saudi Aramco changed the way organizations invest in cybersecurity. Oil and gas organizations are now investing in cybersecurity solutions, tools and technologies, as well as investing in human resources.
So, in the Middle East region: it’s already there. The African region is growing rapidly and now organizations are also looking to invest in cybersecurity.
Cyber attacks [on OT networks] cause disruption and these organizations cannot afford disruption and cannot afford to have their processes disrupted.