The latest ICS Security conference, S4x18 reminded me of the phrase, "the more things change, the more they stay the same."
While the same, popular cybersecurity topics are circulated, the challenges and constraints on end users (i.e. budgets, staff, support, understanding, OEMs, politics, etc.) never really change. What does change is the evolution of cybersecurity tools to address the same challenges.
The cybersecurity market tends to spin into a frenzy about the latest way to solve an impossible task with a "silver bullet" solution. But in the end, we realize there is no silver bullet. Security is a program: A never ending, constantly evolving, user supported, technology-enabled program.
S4x18 ICS detection challenge
In a nod to the aforementioned market frenzy, a lot of anomaly detection tools are leading market discussions about the pros and cons of relative offerings in this space. Make no mistake, there is good technology under the hood. And alarm/event monitoring with either signature or behavior-based models is a progression of technology.
What is missing is the context in which these tools add value (that context here is an anomaly detection tool is one component of a larger overall strategy). Technology is never perfect. The results of the S4x18 detection challenge are widely publicized by participants each stating their victory within their view of the exercise.
All of these tools are a single discipline within an overall security program. They are not a standalone silver bullet or final destination for 100% of your security budget.
ICS topic trends
Another big takeaway came in the form of conclusions of polling participants about their biggest cybersecurity challenges.
Top three ICS challenges:
- Reduce cost and complexity of compliance, whether regulatory, corporate or best practice
- Capture cybersecurity investment
- Tie services and software together with skilled cyber experts
The persistent cybersecurity struggle is in the consistent execution of a program in the face of increased cyberthreats and technology, decreased budgets and a lack of skilled staff.
It doesn't come down to which cybersecurity tool you use, but how you leverage the tools you have to create a cohesive and comprehensive solution.