The Radiflow Security Blog
While not defined as such, the RSA annual conference, which I had just attended in San Francisco, has traditionally been seen as a stronghold of the IT security market. But times are changing, and for the first time, being an OT guy at RSA didn’t feel so lonely.
ICS cybersecurity was hardly on the agenda in previous RSA conferences. In 2018, ICS/SCADA security was mentioned in keynote speeches about risk management, and a few attending startups did address this issue. However, ICS security still received very limited attention.
This year clearly marked a change. As far as I could see, IT System Integrators this year have shown an increased interest in offering a holistic solution for their industrial (IIoT/ICS/SCADA) clients.
In particular, system Integrators operating SOC services showed interest in offering ICS production monitoring capabilities to their existing SOC portfolio. Whether this is the right way to go—the debate over the pros and cons of a single IT/OT consolidated SOC would in itself take a two-day symposium—the demand for such a service clearly represents a change in the way ICS security is perceived.
Another indicator for the changed perception of ICS security is the amount of attention Radiflow had received at RSA for our newly-introduced attack-vector and risk metrics for ICS assets and environments. As published in a widely-circulated whitepaper, Radiflow’s new approach toward threat assessment uses contextual scoring for prioritizing alerts. Many system integrators at RSA agreed with our approach, that there’s no point in an alert if it’s not actionable.
(I always believed that system integrators, more than other stakeholders in the industry, know best where the wind is blowing. If they see opportunity in the ICS market, that’s where the market is heading, no question about it.)
I predict that next year we will see many industrial/automation end-users inquiring about IT cyber control systems that can be used in OT environments Stay tuned!