ICS security is always changing. Whatever challenges there are today might not be the challenges of tomorrow. That begs the question: what will have the greatest impact on ICS security in the next 5-10 years? We asked a number of security experts to find out. Hereâs what they had to say. Read their full responses here: https://www.tripwire.com/state-of-security/ics-security/greatest-impact-ics-security/
2. What will have the
greatest impact on ICS
security in the next 5-
10 years?
3. @TRIPWIREINC
GARY DIFAZIO
Strategic
Marketing
Director, ICS,
Tripwire
âWhile malware is a risk, nation-
state cyber warfare will be more
prevalent. This will be the new
battlefield. Automation vendors will
be pressured to create systems that
are secure by design, and as plant or
line upgrades happen, the next
generation systems will be more
cybersecurity aware to thwart
malicious behavior. Cybersecurity
capabilities will become part of
control systemsâ DNA.â
4. @PATRICKCMILLER
PATRICK MILLER
Managing
Partner,
Archer Energy
Solutions
âThe biggest impact will be the
unintended consequences of
digital transformation. This change
is good and necessary, but it
comes with risk. As we introduce
more and more digital endpoints,
these will become data streams.
There will be so many data
streams that we wonât be able to
hold or efficiently analyze all of
that data on-premise."
5. @TRIPWIREINC
NICK SHAW
Sr. Systems
Engineer, ICS,
Tripwire
âThe amount of legacy systems using
serial connections being migrated to
Ethernet-based networks will
increase significantly. IT technologies
will continue to permeate industrial
control systems, thus opening OT
assets up to threats that the IT side is
familiar withâŠ
Organizations need to shift focus and
put a bigger emphasis to protect the
OT environment from these threats.â
6. @LVANDENAWEELE
LARRY
VANDENAWEELE
Industry
Security
Professional
âOrganisations will be required
by some sort of regulating body
to introduce, implement and
refine their cybersecurity
maturity. The implementation of
security and remediation
controls will take time⊠Allowing
organisations to utilise security
features available in new control
system equipment should be a
priorityâŠâ
7. @TRIPWIREINC
KRISTEN
POULOS
GM of
Industrial,
Tripwire
âThe themes of IT/OT convergence
and automation will continue to
substantiate the need for organizations
to have a top-to-bottom cybersecurity
plan. This means budget consolidation
(likely to IT teams) and vendor
consolidation. Certainly, a significant
industry cyber event could turn any
prediction upside down, but our
mission as a security community is to
provide the solutions to prevent that
from happening.â
8. @LANE_THAMES
LANE THAMES
Sr. Security
Researcher,
Tripwire
âThe near future will have
industrial systems connected to
the fog or the cloud and, more
probably, both. The issue is that
this will introduce new
cybersecurity challenges that
traditional industrial systems
have never encountered. This will
be a time when ITOTSecOps will
be a requirements for industrial
systems.â
10. @GALINAANTOVA
GALINA ANTOVA
Co-Founder,
Claroty
ââŠIn the next 5-10 years, we can
reasonably expect that most of the
non-critical applications will be hosted
in a cloud environment.
If this transition is done with the right
security measures in place, then it could
have huge positive impact on
productivity.
However, for entities that donât invest
enough time/resources into the
cybersecurity angle, this cloud migration
could become significant exposure.â
11. @ISSSOURCE
GREG HALE
Editor/Founder,
Industrial
Safety and
Security Source
(ISSSource)
ââŠA secure environment in
5-10 years will come down
to how Artificial Intelligence
(AI) and analytics all play into
a resilient and holistic
security plan that
encompasses the entirety of
security, which includes
cyber and physical.â
12. @JSHERMCYBER
JUSTIN
SHERMAN
Cybersecurity
Policy Fellow,
New America
âIndustrial systems are going to
become increasingly connected to the
internet as IoT becomes more and
more essential to industrial operations
and those systems are also hooked
into 5G cellular networks, which are
promising much lower communication
delays between devices.
IoT device security is usually terribly
weak right out of the box, so this will
be a serious challenge for industrial
systems to manageâŠâ
13. @SCHNEIDERELEC
FRANCISCO
GARCIA
Director, Cyber
Security and
Networking
Digital Plant Line
of Business,
Schneider
Electric
âThe enforcement of more
stringent regulatory requirements
with regards to cyber security for
ICS environments is driving
organisations into required
change. While the intent of these
regulatory requirements is to
reduce risk and increase
cybersecurity maturity, it should
be seen as an implementation
journey.â